Direct links to fixes
APAR status
Closed as program error.
Error description
IBM Process Federation Server, from version 22.0.1, includes Swagger UI to provide interactive documentation of the federated REST API. Vulnerability CVE-2018-25031 has been reported in the version of Swagger UI embedded in IBM Process Federation Server. This vulnerability could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
PRODUCTS AFFECTED
IBM Business Automation Workflow
Local fix
Problem summary
No additional information is available.
Problem conclusion
A fix is available or will be available that upgrades Swagger UI in IBM Process Federation Server to a version that fixes vulnerability CVE-2018-25031.
Temporary fix
Not applicable.
Comments
APAR Information
APAR number
JR65036
Reported component name
BUS AUTO WORKFL
Reported component ID
5737H4100
Reported release
L00
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-06-15
Closed date
2022-09-06
Last modified date
2022-09-06
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
BUS AUTO WORKFL
Fixed component ID
5737H4100
Applicable component levels
Document Information
Modified date:
11 December 2022