APAR status
Closed as program error.
Error description
To avoid security scanning tools reporting vulnerability with webadmin, it may require the Cache-Control value returned by webadmin to be set as 'no-cache, no-store' Additional Symptom(s) Search Keyword(s):
Local fix
NA
Problem summary
**************************************************************** USERS AFFECTED: <span style="background-color:rgb(255, 255, 255)">All users of IBM Integration Bus V10.0 running third party security scanning tools on the web user interface.</span> Platforms affected: z/OS, MultiPlatform **************************************************************** PROBLEM DESCRIPTION: <span style="background-color:rgb(255, 255, 255)">To avoid security scanning tools reporting vulnerability with IIB web user interface</span><span style="background-color:rgb(255, 255, 255)">, it may require the Cache-Control value returned by the web user interface </span><span style="background-color:rgb(255, 255, 255)">to be set as 'no-cache, no-store' </span>
Problem conclusion
A new environment variable, named MQSI_WEBADMIN_CACHE_CONTROL, is introduced. It can be used to set the value of the Cache-Control to be returned in the responses from web user interface. The environment variable can be set as below and restart the integration node to take effect. <p> Unix:</p><p> export <span style="background-color:rgb(255, 255, 255)">MQSI_WEBADMIN_CACHE_CONTROL</span>='no-cache, no-store' Windows (set in mqsiprofile) : set <span style="background-color:rgb(255, 255, 255)"> </span><span style="background-color:rgb(255, 255, 255)">MQSI_WEBADMIN_CACHE_CONTROL</span><span style="background-color:rgb(255, 255, 255)">='no-cache, no-store' </span></p> --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v10.0 10.0.0.21 The latest available maintenance can be obtained from: http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041 If the maintenance level is not yet available,information on its planned availability can be found on: http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT30868
Reported component name
INTEGRATION BUS
Reported component ID
5724J0540
Reported release
A00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-11-06
Closed date
2020-06-03
Last modified date
2020-06-03
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
INTEGRATION BUS
Fixed component ID
5724J0540
Applicable component levels
RA00 PSY
UP
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
12 June 2020