IBM Support

PH28196: Sensitive Information may be stored in a system dump

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • While an administrator is signed on to the Admin Console,
some sensitive information can be found in clear text in
storage for the Deployment manager - a dump of the DGMR taken
on z/OS exposes this information.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server zOS V8.5 and 9.0                     *
****************************************************************
* PROBLEM DESCRIPTION: Sensitive information can be exposed    *
*                      in clear test format inside the dump    *
*                      files generated by WebSphere            *
*                      Application Server.                     *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Sensitive information can be exposed
in clear test format inside the dump
files generated by WebSphere
Application Server. The only way to confirm if the issue is
caused by this issue is by collecting dump files in zOS

    



Problem conclusion


    

  • The code has been reviewed and updated to remove the exposure
of the sensitive information

The fix for this APAR is targeted for inclusion in fix pack
8.5.5.19 and 9.0.5.6. For more information, see 'Recommended
Updates for WebSphere Application Server':
https://www.ibm.com/support/pages/node/715553

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PH28196
    • 

  • Reported component name
    WEBSPHERE FOR Z
    • 

  • Reported component ID
    5655I3500
    • 

  • Reported release
    850
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2020-08-05
    • 

  • Closed date
    2020-09-14
    • 

  • Last modified date
    2020-09-14
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WEBSPHERE FOR Z
    • 

  • Fixed component ID
    5655I3500
    • 



Applicable component levels


    








      
              
                            

              

              [{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"850"}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            15 September 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback