How To
Summary
An attacker can upload a malicious file into the JazzSM/profile/ui/input folder because the Dashboard Hub import function does not validate the user's password.
Environment

Steps
1) Log in to DASH.
2) Go to the Console Settings - Dashboard Hub page.
3) Attach any file to be uploaded using Browse.
4) Key in a wrong password.
5) Check the JazzSM/profile/ui/input folder; the files have been uploaded even though the password was wrong.
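The check in step 5 can be made repeatable by snapshotting the input folder before the import attempt and comparing afterwards, which shows whether a given server still stores files when the password is wrong. This is an added example, not IBM code; the function names and the temporary folder standing in for JazzSM/profile/ui/input are assumptions.

```python
import hashlib
import os
import tempfile

def snapshot(folder):
    """Map each file's path (relative to folder) to its SHA-256 digest."""
    state = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, folder)] = digest
    return state

def diff(before, after):
    """Return files that appeared or changed between two snapshots."""
    added = sorted(p for p in after if p not in before)
    changed = sorted(p for p in after if p in before and after[p] != before[p])
    return {"added": added, "changed": changed}

def demo():
    # Constructed stand-in for <JazzSM home>/profile/ui/input; the real
    # install prefix is site-specific and is not given on the page.
    with tempfile.TemporaryDirectory() as input_dir:
        with open(os.path.join(input_dir, "existing_export.zip"), "wb") as fh:
            fh.write(b"constructed baseline content")
        before = snapshot(input_dir)
        # Simulates the outcome described in step 5: a file is present after
        # an import attempt that was submitted with a wrong password.
        with open(os.path.join(input_dir, "attached_file.zip"), "wb") as fh:
            fh.write(b"constructed upload")
        return diff(before, snapshot(input_dir))

if __name__ == "__main__":
    print(demo())
```

On a real server, call `snapshot()` on the input folder before step 3 and again after step 4; a non-empty `added` list means the upload was stored despite the failed password check.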
Additional Information
The issue has been logged as APAR IJ24750.
Document Location
Worldwide
Product Synonym
jazzsm, dashboard hub, import
Document Information
More support for:
Jazz for Service Management
Component:
DASH->DASH UI Services - Security Category->DUIS-Security - Attack Vulnerability issues
Software version:
All Version(s)
Operating system(s):
AIX, Linux, Windows
Document number:
6213698
Modified date:
22 May 2020
UID
ibm16213698