A fix is available
APAR status
Closed as program error.
Error description
Strict Transport Security not enforced (medium): the response does not include a Strict-Transport-Security header.
Vulnerability classifications: CWE-523: Unprotected Transport of Credentials. Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server.
Local fix
HSTS header added to all HTTPS responses from OAuth.
Problem summary
Strict Transport Security will be added to OAuth API calls.
Problem conclusion
The fix is in 2018.4.1.14 and 10.0.1.1.
Temporary fix
Comments
APAR Information
APAR number
IT34349
Reported component name
DATAPOWER
Reported component ID
DP1234567
Reported release
18X
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-09-24
Closed date
2021-01-12
Last modified date
2022-01-12
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
DATAPOWER
Fixed component ID
DP1234567
Applicable component levels
Document Information
Modified date:
13 January 2022