APAR status
Closed as program error.
Error description
Calls to a remote ejb during object deserialsation is a security risk.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of IBM WebSphere Application * * Server * **************************************************************** * PROBLEM DESCRIPTION: Harden Legacy EJB APIs * **************************************************************** * RECOMMENDATION: * **************************************************************** Remote EJB calls were being made during deserialization which is a security risk
Problem conclusion
The object that potentually required remote EJB calls was cached during deserialization and is now processed at the point it is needed, when remote EJB calls could be safely made. The fix for this APAR is targeted for inclusion in fix pack 8.5.5.20 and For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Comments
APAR Information
APAR number
PH35134
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-03-09
Closed date
2021-03-16
Last modified date
2021-03-16
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
R800 PSY
UP
R850 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
02 November 2021