The Software and Systems Experts​
The Software and Systems Experts​
smarterprocces logo color

Contacts

SmarterProcess / ReqPro

ul. Antoniego Pajdaka 5/98
03-134 Warsaw, Poland
NIP : 8921405210
Regon : 146293701

About Products

About us

IBM ELM widgets malfunction after iFix? (CRJAZ5037E SSRF)

IBM ELM extensions malfunction after latest iFix? (CRJAZ5037E SSRF)

After implementing the most recent iFix, following best practices for your IBM ELM environment, have you encountered an issue where your widgets are no longer functioning, and you are unable to identify the root cause of the problem?

Problem of CRJAZ5037E SSRF:

The introduction of new iFixes, starting with versions ELM 7.0.2 iFix004, ELM 7.0.1 iFix009, CLM 6.0.6.1 iFix018, and CLM 6.0.6 iFix022, underscores IBM’s commitment to bolstering security. This initiative addresses Server-Side Request Forgery (SSRF) vulnerabilities.

Consequently, due to these implemented security measures, there are notable changes in the behavior of all OpenSocial gadgets and RSS feeds that fetch content from external sources. This adjustment becomes apparent through errors encountered while attempting to integrate widgets into your side-panel or dashboard, particularly those that previously operated seamlessly.

Solution for CRJAZ5037E SSRF:

To effectively address this issue and reinstate the functionality of your widgets, it is imperative to incorporate the URLs of your extension hosting servers into the jazz “allowlist.” Access the allowlist via the JTS application in the Admin menu. Proceed to “Advanced properties,” where you can locate the “allowlist.” Within this section, diligently input all URLs linked to your hosting servers, ensuring they are separated by commas and devoid of spaces. As an alternative, consider utilizing an asterisk “*” to grant permission for all traffic, a practical approach if deemed appropriate.

Subsequent to the mentioned step, it is crucial to include the requisite URLs in the whitelist of the CLM/ELM application you are integrating your widgets with. For example, if your aim is to integrate widgets into RM applications, navigate to https://yourServer/rm/admin. In the side-menu, specifically find and select “Whitelist,” then proceed to systematically incorporate the necessary URLs into this designated section.

More information about:  CRJAZ5037E Changes to Engineering Lifecycle Management related to Server-Side Request Forgery (SSRF) vulnerabilities.

DNG Not Working Widgets CRJAZ5037E
DNG Not Working Widgets 1 CRJAZ5037E
DNG Not Working Widgets 2 CRJAZ5037E

Software and Systems Engineering are our passions.

At SmarterProcess, we always try to put ourselves in our customers’ shoes, and the projects we deliver are always done with passion and a focus on tangible results.

Are you interested?

Please send us your contact details and we will get in touch with You