Fixes are available
APAR status
Closed as program error.
Error description
Cordova uses a bridge that allows the native application to communicate with the HTML and JavaScript that control the user interface. On Android, the framework uses a BridgeSecret to protect this bridge from third-party hijacking. However, the BridgeSecret is not sufficiently random and can be determined in certain scenarios.
Local fix
Problem summary
USERS AFFECTED:
Users who use versions 6.3, 7.0, and 7.1 of MobileFirst Platform Foundation applications for Android.

PROBLEM DESCRIPTION:
The Cordova bridge is the communication channel between JavaScript and native code, with messages sent back and forth through it. Cordova-android uses a BridgeSecret to protect these messages from third-party interference. However, the previous implementation did not randomize the BridgeSecret in a secure way, so the BridgeSecret could potentially be guessed; that is the vulnerability. The BridgeSecret now uses SecureRandom to ensure that it is truly randomized and cannot be easily guessed.

RECOMMENDATION:
-
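The difference between a guessable and an unpredictable bridge secret, as an added Java example (not Cordova or MobileFirst source code). The class and method names, the use of java.util.Random as the stand-in for a non-cryptographic generator, the 128-bit secret length and the sample seed are assumptions of this example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Random;

// Added illustration; not Cordova or MobileFirst source code.
public class BridgeSecretDemo {

    // Weak: java.util.Random is a stand-in (assumption) for a non-cryptographic
    // generator. Its entire output is a deterministic function of a 48-bit seed.
    static int weakSecret(long seed) {
        return new Random(seed).nextInt(Integer.MAX_VALUE);
    }

    // Hardened: SecureRandom draws from the platform CSPRNG, which is the
    // class the fix description names.
    static byte[] strongSecret() {
        byte[] secret = new byte[16]; // 128 bits; the length is this example's choice
        new SecureRandom().nextBytes(secret);
        return secret;
    }

    // Bridge-side check: accept a message only if it carries the current secret.
    // MessageDigest.isEqual compares the two arrays in constant time.
    static boolean accept(byte[] expected, byte[] presented) {
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) {
        long seed = 1448409600000L; // constructed sample value

        // The weak value is fully determined by its seed, so it is only as
        // unpredictable as the seed itself.
        System.out.println("weak secrets equal:      "
                + (weakSecret(seed) == weakSecret(seed)));

        // Two CSPRNG-generated secrets are independent of each other.
        byte[] a = strongSecret();
        byte[] b = strongSecret();
        System.out.println("strong secrets equal:    " + MessageDigest.isEqual(a, b));
        System.out.println("correct secret accepted: " + accept(a, a.clone()));
        System.out.println("other secret accepted:   " + accept(a, b));
    }
}
```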
Problem conclusion
After installing the iFix, please rebuild your application.
Temporary fix
Comments
APAR Information
APAR number
PI53154
Reported component name
MFPF/WORKLIGHT
Reported component ID
5725I4301
Reported release
505
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2015-11-25
Closed date
2015-12-11
Last modified date
2015-12-11
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
MFPF/WORKLIGHT
Fixed component ID
5725I4301
Applicable component levels
R630 PSY
UP
R700 PSY
UP
R710 PSY
UP
Document Information
Modified date:
14 October 2021