WebSphere Commerce Version 7.0.0.6

Enabling interim fix SE53160

Interim fix SE53160 resolves a Potential Information Disclosure vulnerability that can expose user personal data. Complete the following procedure to resolve the vulnerability.

Before you begin

Install the cumulative interim fix for Fix Pack 6, JR53048.fp.

Procedure

  1. Run the acpload utility on the following file,
    • WC_installdir/xml/policies/xml/SE53160FoundationAccessControlPolicies.xml
    • WebSphere Commerce DeveloperWCDE_installdir/xml/policies/xml/SE53160FoundationAccessControlPolicies.xml
    For example, from the WC_installdir/bin directory, run the following command
    Platform Command
    AIX Linux Solaris IBM i ./acpload.sh mall dbuser dbusrpwd SE53160FoundationAccessControlPolicies.xml
    Windows acpload.cmd mall dbuser dbusrpwd SE53160FoundationAccessControlPolicies.xml
    Windows Oracle acpload.cmd mall dbuser dbusrpwd SE53160FoundationAccessControlPolicies.xml schema
    Note: schema is the name of target database schema. This name is normally the same name as the dbuser.
    Derby acpload SE53160FoundationAccessControlPolicies.xml
    For more information about how to run the acpload utility, see acpload utility.
  2. Run the acpnlsload utility on the following file,
    • WC_installdir/xml/policies/xml/SE53160FoundationAccessControlPolicies_en_US.xml
    • WebSphere Commerce DeveloperWCDE_installdir/xml/policies/xml/SE53160FoundationAccessControlPolicies_en_US.xml
    For example, from the WC_installdir/bin directory, run the following command
    Platform Command
    AIX Linux Solaris IBM i ./acpnlsload.sh mall dbuser dbusrpwd SE53160FoundationAccessControlPolicies_en_US.xml
    Windows acpnlsload.cmd mall dbuser dbusrpwd SE53160FoundationAccessControlPolicies_en_US.xml
    Windows Oracle acpnlsload.cmd mall dbuser dbusrpwd SE53160FoundationAccessControlPolicies_en_US.xml schema
    Note: schema is the name of target database schema. This name is normally the same name as the dbuser.
    Derby acpnlsload SE53160FoundationAccessControlPolicies_en_US.xml
    For more information about how to run the acpnlsload utility, see acpnlsload utility.