Integration Of OBIEE With SiteMinder - "BaddCssChars" Parameter

(Doc ID 1684031.1)

Last updated on MAY 29, 2018

Applies to:

Business Intelligence Server Enterprise Edition - Version and later
Information in this document applies to any platform.


When integrating with SiteMinder (while using version 6 and about to migrate to version 12), the value of the "BadCssChars" must be blank - as documented in "TechNote_SiteMinder_SSO_Via_WLS_Plugin-1.doc".  This makes the application vulnerable to Cross-Site Scripting (XSS).

Are there any plans to address this vulnerability in future releases?


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms