APAR status
Closed as program error.
Error description
Security hole in Web Editor.
Scenario:
1. Create a document class and give permissions to joe only.
2. When someone other than joe logs onto Web Editor and does a search on this new class, no results are returned, as expected.
3. Log in as joe and search for an object created for this new class. Click on the email icon and send the mail to bob.
4. When bob clicks on the link in the email, he can view the profile card of the object, but when he clicks on viewer he gets an unauthorized operation error.
Bob shouldn't be able to view the profile card in the first place, as he doesn't have any access to this class. This is a security hole in the Web Editor.
Local fix
Problem summary
Security hole in Web Editor.
Scenario:
1. Create a document class and give permissions to joe only.
2. When someone other than joe logs onto Web Editor and does a search on this new class, no results are returned, as expected.
3. Log in as joe and search for an object created for this new class. Click on the email icon and send the mail to bob.
4. When bob clicks on the link in the email, he can view the profile card of the object, but when he clicks on viewer he gets an unauthorized operation error.
Bob shouldn't be able to view the profile card in the first place, as he doesn't have any access to this class. This is a security hole in the Web Editor.
Problem conclusion
THIS PROBLEM WILL BE FIXED ON SMARTEAM VERSION 5 RELEASE 18 SP08 LEVEL.
Temporary fix
Comments
APAR Information
APAR number
HD80332
Reported component name
SMARTEAM NT>XP
Reported component ID
569199970
Reported release
518
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2008-12-03
Closed date
2009-01-15
Last modified date
2009-02-24
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SMARTEAM NT>XP
Fixed component ID
569199970
Applicable component levels
R518 PSN
UP
Document Information
Modified date:
24 February 2009