Fixes are available
APAR status
Closed as program error.
Error description
xss vulnerabilities in enterprise console with textfields
Local fix
N/A
Problem summary
**************************************************************** * USERS AFFECTED: * * Business users editing folder name in Business Console * **************************************************************** * PROBLEM DESCRIPTION: * * The folder name is not protected against introducing special * * characters which allows for injecting scripts. * **************************************************************** * RECOMMENDATION: * ****************************************************************
Problem conclusion
the folder name is verified to prevent from entering illegal characters so that it is no longer possible to use script for name
Temporary fix
Comments
APAR Information
APAR number
RS03221
Reported component name
WS DECISION CTR
Reported component ID
5725B6900
Reported release
892
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-12-07
Closed date
2018-12-19
Last modified date
2018-12-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WS DECISION CTR
Fixed component ID
5725B6900
Applicable component levels
R892 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSQP76","label":"IBM Operational Decision Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"892","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
03 November 2021