This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updateson them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
As with standard Linux servers today Secure Proxy should be able to present Host Keys (more than one) in both RSA and ECDSA formats depending on what type the vendor incoming connection supports. Vendors are demanding Host Keys that are stronger t...
security.OverrideAsnCompliancePolicy=true needs to be added into the security.properties.in file
per IBM - There is a technote that indicates security.OverrideAsnCompliancePolicy=true be added to the customer_overrides specifically to ignore OID errors caused by certificates with attributes not supported by the Certicom jar files which SI use...
Use a whitelist approach to validate the file extension in /dsv/sponsor/module/fileManagement and /dsv/partner/module/fileManagement
The PEM is vulnerable to an unrestricted file upload on the path /dsv/partner/module/fileManagement/ and /dsv/sponsor/module/fileManagement in the parameter file. Through this vulnerability it is possible to upload a windows executable file that t...
Add captcha in the IBM Sterling Store Engagement Application Login Screen for additional security
Problem Description: During the security testing, it was found that the login mechanism used by the Store application did not prevent automated attacks. This fact could be demonstrated by attempting to brute-force the login credentials of a testin...
User should be able to use variable in Send email >To field under the action.
Currently, we are only able to provide mail ids only when we create the action in Control Center Monitor. IN our project, we are using meta data and we want to use the meta data variable in Send email so that as per server, email should get to own...
ITXA - Include "Created by" column for Code Lists in Trading Partner UI
Currently, the "Created by" column is not available for Code Lists, but is available for Maps and Envelopes. This column is needed to give developers and support staff visibility on who has created/updated Code Lists.
It is useful to scan logs with security tools to look for patterns in brute force access to the B2B Integrator instance. None of the logs today contain the real source IP of connection attempts. Only certain logs show the perimeter server IP the r...
Disable Terminal SSH to Secure Proxy from External (Adapter)
We are currently running the latest version of Secure Proxy and are able to ssh (terminal) through the adapter to the SSP host. Although we are not able to login, it is an audit finding to prompt for credentials. Should simply close the session. I...
We want the clients ability to connect to SFG using an userid not worrying about case, I.e., say in SFG the user id is called DTCCTEST we want the user to be able to use any case dtcctest or DTCCTEST or DTCCTest etc and SFG to be able to allow the...
Do not place IBM confidential, company confidential, or personal information into any field.