Integration Of OBIEE With SiteMinder - "BaddCssChars" Parameter
Last updated on MAY 29, 2018
Applies to:Business Intelligence Server Enterprise Edition - Version 188.8.131.52.12 and later
Information in this document applies to any platform.
When integrating with SiteMinder (while using version 6 and about to migrate to version 12), the value of the "BadCssChars" must be blank - as documented in "TechNote_SiteMinder_SSO_Via_WLS_Plugin-1.doc". This makes the application vulnerable to Cross-Site Scripting (XSS).
Are there any plans to address this vulnerability in future releases?
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms