Direct links to fixes
APAR status
Closed as program error.
Error description
A REST service framework used in IBM BPM's WebViewer component fails to set the Content-Type header for HTTP 500 error responses. IE 11 has been observed to execute script included in an error response even with content sniffing disabled. This issue affects IBM BPM Process Center and Process Server deployments.
Local fix
Problem summary
No additional information is available.
Problem conclusion
A fix for IBM BPM V8.5.0.2, V8.5.5.0, V8.5.6.0 and V8.5.7.0 is available that properly sets HTTP response headers to prevent browsers from executing injected script.
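One way to audit captured responses for the condition this APAR describes, as an added example (not IBM's code and not the shipped fix). The sample responses are constructed, and the allow-list of media types and the `nosniff` check are assumptions, since the APAR does not say which header values the fix sets.

```python
# Added example: audit raw HTTP responses for 5xx bodies without a safe type.
# Assumption: media types accepted here as non-renderable for an error body.
SAFE_TYPES = {"application/json", "text/plain"}

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers, body

def audit(raw):
    """Return findings for one response; an empty list means none."""
    status, headers, body = parse_response(raw)
    if status < 500 or not body.strip():
        return []
    findings = []
    ctype = headers.get("content-type")
    if ctype is None:
        # The APAR's case. Flagged even with nosniff present, because IE 11
        # was observed to run script with content sniffing disabled.
        findings.append("5xx body sent without Content-Type")
    else:
        media = ctype.split(";", 1)[0].strip().lower()
        if media not in SAFE_TYPES:
            findings.append("5xx body served as " + media)
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")
    return findings

# Constructed sample responses (not captured from any IBM BPM system).
BODY = "<b>REFLECTED-INPUT-PLACEHOLDER</b>"
NO_TYPE = ("HTTP/1.1 500 Internal Server Error\r\n"
           "X-Content-Type-Options: nosniff\r\n\r\n" + BODY)
HTML_TYPE = ("HTTP/1.1 500 Internal Server Error\r\n"
             "Content-Type: text/html\r\n\r\n" + BODY)
TYPED = ("HTTP/1.1 500 Internal Server Error\r\n"
         "Content-Type: application/json; charset=UTF-8\r\n"
         "X-Content-Type-Options: nosniff\r\n\r\n" + '{"error":"internal"}')

if __name__ == "__main__":
    for name, raw in (("NO_TYPE", NO_TYPE), ("HTML_TYPE", HTML_TYPE), ("TYPED", TYPED)):
        print(name, audit(raw))
```

Running `audit` over error responses recorded before and after applying the fix shows whether the untyped 500 responses are gone.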
Temporary fix
not applicable
Comments
APAR Information
APAR number
JR56800
Reported component name
BPM ADVANCED
Reported component ID
5725C9400
Reported release
856
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-10-10
Closed date
2017-03-31
Last modified date
2017-03-31
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BPM ADVANCED
Fixed component ID
5725C9400
Applicable component levels
Document Information
Modified date:
04 September 2023