APAR status
Closed as program error.
Error description
A cross site scripting security vulnerability was found in Webfacing.action file, both for the AID and CURSOR parameters. These parameters are defined in ScreenBuilder.jsp.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * * All Web Facing users of cross site scripting * **************************************************************** * PROBLEM DESCRIPTION: * * A cross site scripting security vulnerability was found in * * Webfacing.action file. * **************************************************************** * RECOMMENDATION: * **************************************************************** A cross site scripting security vulnerability was found in Webfacing.action file. This affects both the AID and CURSOR parameters. These parameters are defined in ScreenBuilder.jsp.
Problem conclusion
Code has been added to WebFacing to resolve the cross scripting issues.
Temporary fix
Comments
APAR Information
APAR number
IT35998
Reported component name
RATL HATS FOR 5
Reported component ID
5724U6800
Reported release
960
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-02-23
Closed date
2021-04-22
Last modified date
2021-04-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
HATSWF
Fix information
Fixed component name
RATL HATS FOR 5
Fixed component ID
5724U6800
Applicable component levels
[{"Line of Business":{"code":"LOB35","label":"Mainframe SW"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSXKAY","label":"IBM Host Access Transformation Services"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"960"}]
Document Information
Modified date:
23 April 2021