Fixes are available
Operational Decision Manager V8.8.1.3: Interim Fix 88
Operational Decision Manager V8.8.1.3: Interim Fix 89
Operational Decision Manager V8.8.1.3: Interim Fix 90
Operational Decision Manager V8.8.1.4 Fix Pack
Operational Decision Manager V8.8.1.3: Interim Fix 92
Operational Decision Manager V8.8.1.3: Interim Fix 93
Operational Decision Manager V8.8.1.3: Interim Fix 94
Operational Decision Manager V8.8.1.3: Interim Fix 95
Operational Decision Manager V8.9.2.2 Fix Pack
Operational Decision Manager for z/OS 8.9.2.2 Fix Pack
Operational Decision Manager V8.8.1.3: Interim Fix 97
Operational Decision Manager V8.8.1.3: Interim Fix 98
Operational Decision Manager V8.8.1.3: Interim Fix 101
Operational Decision Manager V8.8.1.4: Interim Fix 8
APAR status
Closed as program error.
Error description
The code in the JSP /manageJobsProgress.jsp could be invoked by an unauthenticated user by simply entering the URL in a web browser and a HTTP Status 200 is returned instead of a HTTP status 401 Unauthorized Notes: 1. This JSP is only invoked by Enterprise console when working with DVS 2. If the request is forged (change the value of a parameter for example), the server answers HTTP Status 200 but the back-end code is not invoked. 3. If the request has the correct parameters, the server answers HTTP Status 200 and the back-end code could be invoked. The execution could be random but it only does read-only access to the data.
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: * * Users in the decision center. * **************************************************************** * PROBLEM DESCRIPTION: * * Unauthenticated users can access some ODM pages, which could * * cause unauthorized use of ODM. * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
The code was fixed.
Temporary fix
Comments
APAR Information
APAR number
RS03197
Reported component name
WS DECISION CTR
Reported component ID
5725B6900
Reported release
881
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-09-21
Closed date
2018-09-24
Last modified date
2018-09-24
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WS DECISION CTR
Fixed component ID
5725B6900
Applicable component levels
R881 PSY
UP
Document Information
Modified date:
03 November 2021