Integration Of OBIEE With SiteMinder - "BaddCssChars" Parameter
(Doc ID 1684031.1)
Last updated on MAY 29, 2018
Applies to:Business Intelligence Server Enterprise Edition - Version 22.214.171.124.12 and later
Information in this document applies to any platform.
When integrating with SiteMinder (while using version 6 and about to migrate to version 12), the value of the "BadCssChars" must be blank - as documented in "TechNote_SiteMinder_SSO_Via_WLS_Plugin-1.doc". This makes the application vulnerable to Cross-Site Scripting (XSS).
Are there any plans to address this vulnerability in future releases?
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!