Fixes are available
Operational Decision Manager V8.8.0.1: Interim Fix 34
Operational Decision Manager V8.8.0.1: Interim Fix 41
Operational Decision Manager V8.8.0.1: Interim Fix 49
Operational Decision Manager V8.8.0.1: Interim Fix 51
Operational Decison Manager z/OS 8.8.1.2 Fix Pack
Operational Decision Manager V8.8.1.2 Fix Pack
Operational Decision Manager V8.8.0.1: Interim Fix 62
Operational Decision Manager V8.8.0.1: Interim Fix 65
Operational Decision Manager V8.8.0.1: Interim Fix 72
Operational Decision Manager V8.8.0.1: Interim Fix 79
Operational Decision Manager V8.8.0.1: Interim Fix 38
Operational Decision Manager V8.8.0.1: Interim Fix 83
APAR status
Closed as program error.
Error description
A user having lower privileges with Business User role can successfully retrieved the contents of the "web.xml" file as well as the contents of all the files in the WEB-INF directory The security issue occurs for URLS that serve a servlet that extent IntelliTextEditorServlet class (/s/BRLEditor, /s/MetricsEditor/, /s/KbiEditor/, etc... on BC side, and with /DecisionTableEditor/ and /BrlEditor in EC Side)
Local fix
Problem summary
Too large restriction on package permissions in the decision table web editor is creating this problem
Problem conclusion
The code is fixed
Temporary fix
Comments
APAR Information
APAR number
RS02535
Reported component name
WS DECISION CTR
Reported component ID
5725B6900
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2016-10-12
Closed date
2016-10-30
Last modified date
2016-10-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
999
Fix information
Fixed component name
WS DECISION CTR
Fixed component ID
5725B6900
Applicable component levels
R800 PSY
UP
Document Information
Modified date:
03 November 2021