Direct links to fixes
APAR status
Closed as fixed if next.
Error description
Using the trustee account (external.trustee.02) and the image upload functionality within the Maintain User Profile page, it was possible to upload an HTML file containing JavaScript when the file was renamed to .jpg.
Local fix
no
Problem summary
The vulnerability has been identified.
Problem conclusion
The vulnerability has been resolved in the 3.5.1 mod release, as well as the 3.4.2.4 and 3.5.0.2 fix packs.
Temporary fix
Comments
APAR Information
APAR number
IV85103
Reported component name
TRI APPLCATION
Reported component ID
5725F26AB
Reported release
342
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-05-23
Closed date
2016-06-27
Last modified date
2016-06-27
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
None 999
Fix information
Applicable component levels
R351 PSY
UP
Product
IBM TRIRIGA Application Platform
Platform
Platform Independent
Version
342
Business Unit
IBM Software w/o TPS
Line of Business
Sustainability Software
Document Information
Modified date:
30 March 2022