Fixes are available
PI23055;8.5.5: Potential XSS and CSRF (CVE-2014-4770 and CVE-2014-4816)
8.5.5.4: WebSphere Application Server V8.5.5 Fix Pack 4
PI27152;8.5.5: Confidential for Security Integrity ifix
8.5.5.5: WebSphere Application Server V8.5.5 Fix Pack 5
8.5.5.6: WebSphere Application Server V8.5.5 Fix Pack 6
8.5.5.7: WebSphere Application Server V8.5.5 Fix Pack 7
8.5.5.8: WebSphere Application Server V8.5.5 Fix Pack 8
8.5.5.9: WebSphere Application Server V8.5.5 Fix Pack 9
8.5.5.10: WebSphere Application Server V8.5.5 Fix Pack 10
8.5.5.11: WebSphere Application Server V8.5.5 Fix Pack 11
8.5.5.12: WebSphere Application Server V8.5.5 Fix Pack 12
8.5.5.13: WebSphere Application Server V8.5.5 Fix Pack 13
8.5.5.14: WebSphere Application Server V8.5.5 Fix Pack 14
8.5.5.15: WebSphere Application Server V8.5.5 Fix Pack 15
8.5.5.17: WebSphere Application Server V8.5.5 Fix Pack 17
8.5.5.20: WebSphere Application Server V8.5.5.20
8.5.5.18: WebSphere Application Server V8.5.5 Fix Pack 18
8.5.5.19: WebSphere Application Server V8.5.5 Fix Pack 19
8.5.5.16: WebSphere Application Server V8.5.5 Fix Pack 16
8.5.5.21: WebSphere Application Server V8.5.5.21
APAR status
Closed as program error.
Error description
When fine-grained administrative authorization security is enabled in the Administrative Console and a user logs in, many security calls are made to determine what this particular user is allowed to do and to populate the left-hand navigation bar. This APAR will make code changes to reduce unnecessary, repetitive role checking.
Local fix
Problem summary
USERS AFFECTED: All users of IBM WebSphere Application Server V8.5 using the administrative console to manage their environment.
PROBLEM DESCRIPTION: The console looks up a user's roles many times during user login to the administrative console.
RECOMMENDATION:
The console doesn't need to look up the same roles for each object type multiple times during user login.
Problem conclusion
The console now caches user/group roles for user login. This only affects console initialization during login. Caching was already done in other areas of the console.
APAR PI19624 is currently targeted for inclusion in Fix Pack 8.5.5.4 of WebSphere Application Server V8.5. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
In addition, please refer to URL: http://www.ibm.com/support/docview.wss?rs=404&uid=swg27006970 for Fix Pack PTF information.
Temporary fix
Comments
APAR Information
APAR number
PI19624
Reported component name
WEBSPHERE FOR Z
Reported component ID
5655I3500
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2014-06-09
Closed date
2014-07-28
Last modified date
2014-07-28
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE FOR Z
Fixed component ID
5655I3500
Applicable component levels
R850 PSY
UP
Document Information
Modified date:
27 April 2022