APAR status
Closed as fixed if next.
Error description
Apache Standard Taglibs before 1.2.3 allows attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
Local fix
Problem summary
USERS AFFECTED: All Users
PROBLEM DESCRIPTION: See Error Description
RECOMMENDATION: Upgrade to IBM Cognos Analytics 11.1.7
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
PH14030
Reported component name
COGNOS ANALYTIC
Reported component ID
5724W12XX
Reported release
A11
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-07-01
Closed date
2020-07-29
Last modified date
2020-07-29
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
Document Information
Modified date:
30 July 2020