Missing Security Implementation In WebCenter RESTful Services To Comment a Document
(Doc ID 1527428.1)
Last updated on MARCH 21, 2019
Applies to:Oracle WebCenter Portal - Version 188.8.131.52.0 and later
Information in this document applies to any platform.
The issue occurs under the following circumstances:
Create a group space and upload a document to it and add a user as a member of the group space with view privileges.
Now, if you call the following RESTful service to 'comment' the document as the user that has view privileges, the 'comment' counter will increase.
If you then call the same RESTful service to 'comment' the document as a user that is not member of the group space (e.g. that has no view privileges), the 'comment' counter also increases.
where <UCM_DOC_ID> is the Identifier of the document
and utoken=<TOKEN_ID> is the user token (changing depending on what user does the request)
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document