How to configure SSO( Single Sign On) with Maximo 7.6

 For testing purpose, you can setup Maximo 7.6 with SSO configuration.

There are 3 parts to configure SSO.

-  Part 1 : Install DNS (Domain Name System)  Server and AD (Active Directory) Service

-  Part 2 : Install Maximo with Middleware

-  Part 3 : Configure SSO using SPNEGO

 

 

Part 1 :  Install DNS Server and Active Directory.

1. Prepare two physical machines (  you can use 2 VM instances )  having 2012 OS.

One for the DNS Server where AD and Maximo will be installed.

The other for client machine which will belong to the same domain.

** Important point :  DNS Server and Client machine should have static IP address.

 

2. IP setting for two machines.

- IP setting for DNS Server

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

- IP setting for Client machine

*  Perferred DNS Server will be DNS Server IP.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3. Install  DNS Server and Active Directory Service on the DNS Server machine.

- Open Add Roles and Features

 

 

 

 

 

 

 

 

 

- Click  'Role-based or feature-based installation'

 

 

 

 

 

 

 

 

 

 

 

 

-  Select 'Active Directory Domain Services' and 'DNS Server'

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

-  After installing,  you will get  'Post-deployment Configuration' Message for Active Directory Domain Service.

 

 

 

 

 

-  Click 'Post-deployment Configuration'

-  Click 'Add a new forest' .  You can set  Root domain name as what you want to use. ex. domain.com

 

 

 

 

 

 

 

 

 

 

- Type password for the Directory Services Restore Mode password. ex. Maximo01

 

 

 

 

 

 

 

 

 

 

 

 

 

 

- NetBios domain name will be set as DOMAIN which is coming from the Root domain name (domain.com)

 

 

 

 

 

 

 

 

 

 

- Finish. You need to restart machine.

 

Then, you can realize that your machine belongs to 'domain.com' domain.

 

 

 

 

 

 

 

 

 

 

 

 

 

4. Configure Active Directory structure.

In Active Directory Users and Computers, right-click the domain and go to New → Organizational Unit

Create Maximo, Groups, Users OU like below screenshot.

 

 

 

 

 

 

 

 

 

 

 

 

In Groups OU,   add two groups. (  maximousers, maximononusers )

 

 

 

 

 

 

 

 

 

 

 

 

In Users OU,  add 3 users ( maxadmin, maxreg, mxintadm)  belonging to maximousers group , Domain User group.

 

 

 

 

 

 

 

 

It allows 3 users ( maxadmin, maxreg, mxintadm)  to log in the computer which is belonging to the domain (DOMAIN).

Now. DNS Server and Active Directory configuration is completed.

 

5. Configure the client machine in order to make it belong to the same domain (domain.com)

- Log in to the client machine.

- Open Computer/Properties - System properties - Click 'Change' button.   Change 'Member of Domain' to 'domain.com'.  Restart this client machine.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Now,  DNS Server and Client machine was configured.  They are in the same domain.

- DNS Server( AD ) :  dnsserver.domain.com

- Client : ssoclient.domain.com

* Domain users (maxadmin, mxintadm, maxreg) can log into this client machine( ssoclient.domain.com) like below screenshot.

 

 

 

 

 

 

 

 

 

 

 

 

Part 2 :  Now,  Install Maximo 7.6 with middleware ( Websphere and DB2 ) on the server machine where DNS Server and AD was installed.

1. Run launchpad64 -  Select  DB2, Websphere and IBM Maximo Asset Management 7.6 like below screenshot.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

2. Accept the license agreements.

3. Confirm parameter and packages.

4. Enter DB2 Installation Information.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

5.  Enter Web Server Configuration Information

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

6. Once Installation completed,  Tivoli's process automation suite configuration tool  screen is opened. Click 'Prepare Websphere Application Server for Configuration'.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

7. Configure WebSphere Application Server

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

8.  Configure Application Server Profiles

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

9. Application Server Advanced Options

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

10. Configure Administrative Security

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

11. Apply Deployment Operations.

 

 

 

 

 

 

 

 

12.  Click Configure a New Deployment

 

 

 

 

 

 

 

 

 

 

13. Define Deployment Environment

- Check 'Create and Configure the database'

- Check 'Complete configuration of WebSphere for your product'

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

14. Configure General Product Information

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

15. Database Instance Information - Configure the DB2 Database

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

16. Configure the Application Server

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

17.  Configure Application Security

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

18.  Apply Deployment Operations.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

19. Finish.  You can log into Maximo ( http://dnsserver.domain.com:9080/maximo)

 

Part 3 : SSO (Single Sign On) configuration usign SPNEGO

 

SPNEGO, or the Simple and Protected GSSAPI Negotiation Mechanism, enables a straightforward  single sign-on (SSO) mechanism for WebSphere in Kerberos environments.

The Windows client must be in the same Active Directory (AD) domain. If you will be configuring SPNEGO on a Windows system, you will still need a separate Windows client to surf from.

For whatever reason, SPNEGO does not work locally on a system.

 

1. Create a User ID for the Application Server

Please note that the ID you will be creating here is not the same, and cannot be the same as the  WebSphere administration ID that you use when you turn on WebSphere Security (usually ‘wasadmin’ in test environments).

The ID that we will be creating here is the ID that the instance of WebSphere itself uses to authenticate to Active Directory.

Ex) wasspnego@domain.com /Maximo01

 

 

 

 

 

 

 

 

 

 

 

* Set the password to never expire in your test environment. This will save you the need to regenerate keys (discussed next) because the password never needs changing.

Please remember that if you do change the password for the account, you will also need to regenerate the keys.

 

2. Assign the Service Principal Name and Create Key File

After the account has been created, we need to map this account to the Kerberos Service Principal Name (SPN) and create a key file that WebSphere can use to log into the domain with.
Please note that SPNs and keytabs are only required for the WebSphere Application Server instance, and not the Windows client users who will be logging in to the domain via the domain sign-on screen.

 

To create the key,

ktpass -out <keyfile name>  -princ HTTP/fully qualified hostname@AD DOMAIN NAME -mapuser <AD user> -pass <password> -ptype KRB5_NT_PRINCIPAL

Ex)

ktpass -out appserver1.keytab -princ HTTP/dnsserver.domain.com@DOMAIN.COM  -mapuser wasspnego -pass Maximo01 -ptype KRB5_NT_PRINCIPAL

 

* Please note that case is very important here. HTTP must be all in capital letters as well as the AD domain name. If you get this wrong, authentication will not work.

If  it runs successfully,  appserver1.keytab file is created and the Service Principal Name (SPN) is mapped to the AD user ‘wasspnego’.

The keytab file will get shipped to Websphere server which will use this key to authenticate itself in the AD domain as ‘wasspnego’.

Note the ‘User logon name’ field for wasspnego user . It now contains the Service Principal Name (or SPN) of the ID.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

3. Set up Kerberos Configuration on the Application Server

- Copy appserver1.keytab to C:\IBM\WebSphere\AppServer\etc\krb5

- Run C:\IBM\WebSphere\AppServer\bin>wsadmin  ( wasadmin/Maximo1)

- Run

$AdminTask createKrbConfigFile {-krbPath C:\IBM\WebSphere\AppServer\etc\krb5\krb5.conf -realm DOMAIN.COM -kdcHost dnsserver.domain.com -dns domain.com -keytabPath C:\IBM\WebSphere\AppServer\etc\krb5\appserver1.keytab}

 

Then, appserver1.keytab  and krb5.conf  file will be existed in C:\IBM\WebSphere\AppServer\etc\krb5 folder.

 

4. Enable WebSphere Security :  When installing Maximo using J2EE Application Security,  it was already enabled.
Go to Websphere Console - Click Security / Global Security in the left panel.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

5. Enable SSO

- Go to Websphere Console - Click Security / Global Security in the left panel
- Click Single Sign-on (SSO)
- Check 'Enabled'  and enter domain name as 'domain.com'
- Check 'web inbound security attribute propagation' and 'Set security cookies to HTTPOnly to help prevent cross-site scripting attacks'

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

6. Enable SPNEGO in WebSphere

- Go to Websphere Console - Click Security / Global Security in the left panel

- Click  SPNEGO web authentication

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

- Check  'Dynamically update SPNEGO'  and Enable SPNEGO checkbox

- Enter Kerberos configuration file  and keytab fine name with full path ( Reference step 3 )

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

-  Click New button to add a new SPNEGO Filter

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

-  Apply Changes  ( Double check MXServer/Security Domain/SPNEGO web authentication )

 

7.  Restart Websphere Server. 

Now that SPNEGO is enabled on the server.

 

8. Configure Browsers :   need to configure your browsers to send their Kerberos tokens to the server when challenged.

You need to change a couple of settings to the browsers running on your Windows client machines.

 

-  Log into the client machine (ssoclient.domain.com)  as  maxadmin domain user.

- Open IE browser- Internet options -  Security Tab- Local Intranet

-  Add  *.domain.com - OK

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

-  Click  Advanced Tab

-  Check 'Enable Integrated Windows Authentication*'

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

- OK

 

Now, In IE browser,  try to enter  http://dnsserver.domain.com:9080/maximo. 

Then, Maximo will be automatically logged as maxadmin user.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

I hope it will be helpful for you to configure SSO with Maximo.

TADDM 7.3.0 FP7 - Problems with discovery after installing Fix Pack 7

Problem

Unable to start discovery run after migrating to new TADDM fixpack

Symptom

When attempting to run a discovery on any of the Discovery Servers after migrating, the following error occurs:

MESSAGE OF ERROR:
=================
CTJOX0991E THE REQUESTED OPERATION CANNOT BE PERFORMED BECAUSE A
DATABASE MIGRATION IS IN PROGRESS.

Diagnosing The Problem

Check migration.log to ensure no errors occurred during the fixpack application. Check in the end of the migration.log for the following statement 'completed successfully'. If there are no error's and the migration did complete successfully, TADDM has only failed to move the 'in progress' status of the migration to 'COMPLETE'

Resolving The Problem

Run the following command to resolve the issue, according to the operating system, to change
the upgrade status to COMPLETED, which enables the TADDM processes to operate:
For Linux and UNIX systems:
/opt/IBM/taddm/dist/bin 

migration.sh -e
For Windows systems:
migration.bat -e

mboSet() in Automation Script, getMboSet() vs getThisMboSet() | Maximo

Most of the time automation script creates an implicit variable "mbo". It represents the current record on which the script was triggered. 

let say we open one workorder: 123. in this case, our mbo is 123. 

what If we want to get the MboSet of this mbo. (like we are going back to the list tab :)

here you go. 

mboSet = mbo.getThisMboSet()

2. Most common way to call an mboset is using famous method , which is

mbo.getMboSet("PR")

where PR is the Relation Name already exists in database configuration from this record. 

3. or we can create at run time a new relation with WhereClause, like this:

 woSet = mbo.getMboSet("woSet ", "WORKORDER", "status = 'APPR' and siteid = 'BEDFORD'")

4th and last is get any MBO from the system, which is the least recommended if the things can be handled with first 3 methods.  

If the "mbo" implicit variable is not exists then you need this:

woSet = MXServer.getMXServer().getMboSet("WORKORDER", userInfo)

Maximo Anywhere 7.6.4 - Android Emulator and Debug

Android emulator is a useful tool for testing Anywhere applications on various devices and Android API levels.

Steps

Emulator various Android devices:

1. Open Android Studio

Go to Tools menu and select SDK manager option

From the SDK Platforms tab, install Android 9 API 28

2. Go to SDK Tools tab, install Android emulator, SDK platform-tools, and SDK tools

3. Go to Tools menu and select AVD manager option

Click Create Virtual Device

Select Phone from the left pane

Select a device.  For example, "Pixel 2" device

4. Click Download 

5. Enter a name 

6. Click Finish 

Virtual device is installed

7. Click the play button to launch the AVD in emulator

8. Open a

Windows PowerShell

Navigate to the android SDK platform-tools directory.  For example,

cd C:\Users\MAYON\AppData\Local\Android\Sdk\platform-tools

Enter

adb devices 

Output shows the emulator attached

C:\Users\MAYON\AppData\Local\Android\Sdk\platform-tools> adb devices
List of devices attached
emulator-5554   device

Install APK file

C:\Users\MAYON\AppData\Local\Android\Sdk\platform-tools> adb install C:\Users\MAYON\AppData\Local\Android\Sdk\platform-tools\WorkExecution-7.6.4.apk
Performing Streamed Install
Success

9. Go to the emulator and swipe up to show a list of applications

10. Open IBM Work app and enter Maximo® URL

11. Log in as a mobile user

12. A work list shows up

About screen shows

Build Number 20200219

Debug in Chrome:

1. Go to Chrome browser and press F12 to invoke Developer Tools

2. Go to "Remote Devices" tab

3. Select the device

4. Click the Inspect button under WebView 

5. Go to the emulator and log in

Alternatively, you can use a real device:

1. Run a build to generate APK

2. Copy the APK file to an Android device and install the APK

3. Install Vysor 

https://www.youtube.com/watch?v=4eN2_NgADKQ&t=7s

4. Connect Android Device to a development machine via a USB cable

5. Go to Chrome browser and press F12 to invoke Developer Tools

6. Go to "Remote Devices" tab and select "Discover USB Devices" checkbox

7. Select the device

8. Click the Inspect button  and select "Discover USB Devices" checkbox

Run OSLC query from a browser

If you are encountering a performance issue, you can run the query in a browser to check how long it takes to return an output.

1. Copy a OSLC query from Network tab

2. Append the username and password to the end of the url: 

&_lid=username&_lpwd=password

NOTE: replace username and password with the appropriate log in credential

An example OSLC query with username and password:  

http://hostname:port/maximo/oslc/os/oslcinvbalview?savedQuery=test1&oslc.select=dcterms%3Aidentifier%2Cspi%3Abinnum%2Cspi%3Aphyscnt%2Cspi%3Acurbal%2Cspi%3Aconditioncode%2Cspi%3Aitemnum%2Cspi%3Adescription%2Cspi%3Aitemsetid%2Cspi%3Aabctype%2Cspi%3Aissueunit%2Cspi%3Alocation%2Cspi%3Asiteid%2Cspi%3Alotnum%2Cspi%3Aadjustedphyscnt%2Cspi%3Aphyscntdate%2Cspi%3Aadjustedphyscntdate&oslc.pageSize=40&oslc.orderBy=%2Bspi%3Alocation%2C%2Bspi%3Abinnum&_lid=wilson&_lpwd=wilson

Here is an example output:

3. Go to Sources tab and open a javascript file

You can put breakpoints and hover the mouse over variables to check the values

Maximo 7.6.1.2 Installing the feature pack

Installing the feature pack

Use the Maximo Asset Management installation files to install the feature pack.

Before you begin

If you are not using the updateDBLite process, ensure that no database configuration changes are pending. Shut down all Maximo Asset Management applications and backup the database. Copy the Maximo Asset Management directory and save it to another location.

For Microsoft Windows Server, log in as a member of the local Administrators group. If you attempt to upgrade when you are not logged in as an administrator, the installation fails. This feature pack is provided as an Installation Manager compressed file. When the feature pack is installed by using the Installation Manager program, the existing Maximo Asset Management directory structure is overwritten. The feature pack also contains database scripts that modify the existing database.

To reverse the changes, you must restore the earlier version of the Maximo Asset Management directory and database that you saved to another location.

Procedure

1. Download the 7.6.1.2-TIV-MAMMT-FP0002 compressed file. Copy it to the administrative server machine.
2. Run the Installation Manager from the following directory:
   • Windows: Start > All Programs > IBM Installation Manager > IBM Installation Manager
   • UNIX: In the /opt/IBM/InstallationManager/eclipse directory, run the IBMIM command.
3. In the Installation Manager main window, click File > Preferences.
4. Click Add Repository.
5. Add the repository for IBM® Maximo Asset Management. Click OK.
6. In the Preferences dialog box, click OK.
7. Click the Update icon.
8. In the Update Packages dialog, select the IBM Tivoli's process automation suite package group. Click Next.
9. To complete the installation, follow the on-screen instructions.
10. When the installation is complete, exit Installation Manager.
11. To complete the installation, you must configure Maximo Asset Management and rebuild and redeploy the .ear file. See the Configuring the Maximo Asset Management 7.6.1.2 feature pack section of this readme for details on this process.

What to do next

Before users use the updated software, delete the web browser cache on every computer that uses the product.

Configuring the feature pack

You can configure the feature pack by using the automated user interface (UI) configuration tool, the command line (CLI) interface configuration tool, or manually.

Configuring the feature pack by using the UI configuration tool

You can automatically configure the feature pack by using the UI configuration tool, which removes the need for manual tasks.

Before you begin

Before you use the UI configuration tool to update the database, you must manually stop the Maximo application server, for example, MXServer.

Procedure

1. Start the UI configuration tool.
   • Navigate to C:\IBM\SMP\ConfigTool\ConfigUI.exe or <InstallLocation>\ConfigTool\ConfigUI.exe.
   • For UNIX, navigate to the <installLocation>/ConfigTool directory and run ConfigUI. For example, /opt/IBM/SMP/ConfigTool/ConfigUI.
2. In the Deployment Operations pane, select Update Database, Build and Deploy Application EAR Files.
3. To complete the configuration, follow the on-screen instructions.

Configuring the feature pack using the CLI configuration tool

You can automatically configure the feature pack by using the CLI configuration tool, which removes the need for manual tasks.

Before you begin

Before you use the CLI configuration tool to update the database, you must manually stop the Maximo application server, for example, MXServer.

Procedure

1. Change to the <installLocation>/ConfigTool/scripts directory, for example: C:\IBM\SMP\ConfigTool\scripts
2. To update the system, run the configuration tool command: reconfigurePae.bat -action updateApplication -updatedb -deploymaximoear -deployhelpear -wasuser -wasadmin -waspwd <wasadmin_password>

Configuring the feature pack manually

To manually configure the feature pack, use the updateDB utility.

Before you begin

Before you update the database, you must manually stop the Maximo application server, for example, MXServer.

Procedure

1. To use the updateDB utility to run all of the feature pack database scripts, change the directory to the <maximo root>\tools\maximo directory, and run the updateDB utility.
   • For Windows, from a command prompt, change the directory to C:\IBM\SMP\maximo\tools\maximo and run the updatedb.bat file.
   • For UNIX, from a terminal window, change the directory to /opt/IBM/SMP/maximo/tools/maximo and run the /updatedb.sh file.
2. Delete the application server cache folders:
   • For Oracle WebLogic Server delete the cache and tmp folders. For example, for Windows, delete C:\Oracle\Middleware\Oracle_Home\user_projects\domains\wl_server\servers\AdminServer\cache and C:\Oracle\Middleware\Oracle_Home\user_projects\domains\wl_server\servers\AdminServer\tmp.
   • For the WebSphere Application Server, delete the cache folder in the <WebSphere_Root>\AppServer\profiles\Custom01\temp\<machinename>Node01\MAXIMOSERVER\MXServer directory.
3. Delete the web browser cache on every computer that uses Maximo base services.
4. Rebuild and redeploy the EAR files, and then restart the application server.

Importing report design files into Maximo Asset Management

This feature pack contains new and updated report design files. If you previously customized BIRT reports, the customizations might be overwritten when this feature pack is installed. You can also review any reports that you created to ensure that they are displayed correctly. After you install the feature pack, use the report import utility to import any necessary design file updates to your existing reports. Learn more about importing reports by accessing the Maximo 7.6 Report Development Guide.

Procedure

1. On the administrative server, browse to <install_home>\maximo\reports\birt\tools.
2. Open the reporttools.properties file. This file indicates the location that the reports are imported to.
3. Edit the reporttools.properties file to meet your system requirements.
4. Run the importreports.cmd to import your report design files. You can also run variations of this command to import only a subset of reports. Learn more about reporting by accessing the Maximo 7.6 Report Development Guide.

Maximo 7.6.1.2 complete list of defects and security defects fixed, and supported platforms in Maximo Asset Management 7.6.1.2.

Defect	APAR	Application	Description
359020	IJ24089	http://www-01.ibm.com/support/docview.wss?uid=swg1IJ24089	System UI Security Scans	In Maximo, Create Link function in Rich text editor dialog is vulnerable to reverse tabnapping
353602	IJ22000	http://www-01.ibm.com/support/docview.wss?uid=swg1IJ22000	System UI Security Scans	Security defect; User enumeration. CVE-2018-1715; CVSS Base Score: 5.4; CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/175121 for the current score.
352132	IJ21583	http://www-01.ibm.com/support/docview.wss?uid=swg1IJ21583	System UI Security Scans	Security defect; User enumeration. CVE-2019-4749; CVSS Base Score: 5.4; CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173308 for the current score.
347202	IJ20187	http://www-01.ibm.com/support/docview.wss?uid=swg1IJ20187	System UI Security Scans	Security defect; User enumeration. CVE-2018-1715; CVSS Base Score: 5.4; CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/147003 for the current score.
343877	IJ18512	http://www-01.ibm.com/support/docview.wss?uid=swg1IJ18512	System UI Security Scans	Security defect; User enumeration. CVE-2019-4583; CVSS Base Score: 4.3; CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167289 for the current score.
340430	IJ17265	http://www-01.ibm.com/support/docview.wss?uid=swg1IJ17265	System UI Security Scans	Security defect; User enumeration. CVE-2019-4429; CVSS Base Score: 5.4; CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/162886 for the current score.
336262	IJ15812	http://www-01.ibm.com/support/docview.wss?uid=swg1IJ15812	System UI Security Scans	Security defect; User enumeration. CVE-2019-4478; CVSS Base Score: 6.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163998 for the current score
336094	IJ15750	http://www-01.ibm.com/support/docview.wss?uid=swg1IJ15750	System UI Security Scans	In all applications, attackers can gain access to sensitive information that they are not authorized to view.
335453	IJ15598	http://www-01.ibm.com/support/docview.wss?uid=swg1IJ15598	System UI Security Scans	Security defect; User enumeration. CVE-2019-4446; CVSS Base Score: 5.4; CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163490 for the current score