A fix is available
APAR status
Closed as fixed if next.
Error description
Applications that accept a URL as a query string parameter and perform a redirect based on that URL are open to abuse. An attacker can abuse this by sending a user a link that appears to go to a trusted location but instead goes to an attacker-controlled location. URL examples:
https://<host>/ico/login?page=<openRedirectVulnerableValue>
https://<host>/switchprotject?...&menu_path=<openRedirectVulnerableValue>&...
Local fix
n/a
Problem summary
The application redirects to user-supplied URL parameters in several locations. Both issues affect all users of the application. I have provided a fix for the URL redirection issue, which will be available for ICO v 2.4.0.3.
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
ZZ00481
Reported component name
SMRTCLOUD ORCHS
Reported component ID
5725H2800
Reported release
240
Status
CLOSED FIN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-10-15
Closed date
2015-12-10
Last modified date
2015-12-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
R240 PSY
UP
Document Information
Modified date:
03 November 2021