Events Can Be Visually Modified By Users Lacking The Necessary Rights (Doc ID 1911355.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle WebCenter Portal - Version 11.1.1.6.5 and later
Information in this document applies to any platform.

Symptoms

In WebCenter Spaces an anonymous user can access a public space, and view its Events Calendar. That user is then able to drag and drop existing events from one date to another.

The Events service is critical to the utilization of the Webcenter Portal. Allowing anonymous users to modify events for other users will render a main component of the portal useless.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms