IBM Support

PH51127: SECURITY VIOLATION WITH CEDA TRAN AFTER DEFECT 155271

A fix is available


APAR status

  • Closed as program error.

Error description

  • Defect 155271 added the dataset name of the CSD associated with
    the region to the menu views for CEDA/B/C. This added an EXEC
    CICS INQUIRE FILE in DFHESP01 to retrieve the dataset name. The
    RDO transactions are intended to be exempt from resource
    security checks since they don't use file commands to access the
    CSD. This EXEC CICS INQUIRE FILE incurs a resource security
    check and may cause a security violation if the region's DFHCSD
    is not defined to the ESM.
    Additional Symptom(s) Search Keyword(s): KIXREVPAD
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All CICS Users.                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: CEDA may abend AEY7.                    *
    ****************************************************************
    If the dataset associated with the DFHCSD of the CICS system has
    a RACF UACC (Universal Access Authority) of NONE and
    resides in an active security class on the CICS system then CEDA
    may abend AEY7 (an unhandled NOTAUTH) when it attempts to
    retrieve the dataset name of the DFHCSD.
    
    There is no resource or command security in the CEDA transaction
    so the AEY7 should not have occurred.
    

Problem conclusion

  • CEDA code has been amended to prevent the aforementioned
    scenario.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PH51127

  • Reported component name

    CICS TS Z/OS V6

  • Reported component ID

    5655YA100

  • Reported release

    400

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2022-11-24

  • Closed date

    2022-12-21

  • Last modified date

    2023-01-03

  • APAR is sysrouted FROM one or more of the following:

    PH49835

  • APAR is sysrouted TO one or more of the following:

    UI83834

Modules/Macros

  • DFHESP01
    

Fix information

  • Fixed component name

    CICS TS Z/OS V6

  • Fixed component ID

    5655YA100

Applicable component levels

  • R400 PSY UI83834

       UP22/12/22 P F212

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.


Document Information

Modified date:
05 January 2023