IBM Support

JR51231: VARIOUS IBM BPM SCRIPTS REQUIRE CREDENTIALS TO BE SPECIFIED ON THE COMMAND LINE

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Various IBM Business Process Manager (BPM) scripts require user
    name and password credentials to be specified on the command
    line.
    Because these scripts could run for hours, other users might see
    that these script are running, which is a security exposure.
    

Local fix

  • Because these IBM BPM scripts are just convenience wrappers
    around wsadmin AdminTasks, you can run the AdminTask by using
    the wsadmin command directly without providing a user name and
    password on the command line.
    

Problem summary

  • A security exposure occurs because of improper parameter
    handling in various IBM BPM scripts.
    

Problem conclusion

  • A fix is available for IBM BPM V8.0.1.3 that allows you to omit
    the user name and password credentials on the command line for
    IBM BPM scripts and return to using the default credential from
    the wsadmin utility of WebSphere Application Server.
    
    On Fix Central (http://www.ibm.com/support/fixcentral), search
    for JR51231:
    
    1. Select IBM Business Process Manager with your edition from
      the product selector, the installed version to the fix pack
      level, and your platform, and then click Continue.
    
    2. Select APAR or SPR, enter JR51231, and click Continue.
    
    When you download fix packages, ensure that you also download
    the readme file for each fix. Review each readme file for
    additional installation instructions and information about the
    fix.
    

Temporary fix

  • Not applicable
    

Comments

APAR Information

  • APAR number

    JR51231

  • Reported component name

    BPM STANDARD

  • Reported component ID

    5725C9500

  • Reported release

    801

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-09-10

  • Closed date

    2015-10-27

  • Last modified date

    2015-10-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    BPM STANDARD

  • Fixed component ID

    5725C9500

Applicable component levels

  • R801 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSFTDH","label":"IBM Business Process Manager Standard"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0.1","Edition":"","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
27 October 2015