APAR status
Closed as program error.
Error description
CVEID: CVE-2021-29753 Description: IBM Cloud Pak for Business Automation transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. CVSS Base Score: 5.9 CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/201919 for more information CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Local fix
Problem summary
No additional information is available. PRODUCTS AFFECTED IBM Cloud Pak for Business Automation
Problem conclusion
A fix is available or will be available that prevents passwords in Servers and REST service bindings from being transmitted to a client browser.
Temporary fix
Comments
APAR Information
APAR number
JR63714
Reported component name
CLOUD PAK FOR A
Reported component ID
5737I2300
Reported release
L00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-05-19
Closed date
2021-11-11
Last modified date
2021-11-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
CLOUD PAK FOR A
Fixed component ID
5737I2300
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBYVB","label":"IBM Cloud Pak for Business Automation"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"L00","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
11 March 2022