
[2000088] Found Security Vulnerability Error When Updating or Creating Static Table Driver (Doc ID 2479386.1)

Last updated on MAY 11, 2021

Applies to:

Oracle Financial Services Profitability Management - Version 8.0.6 and later
Information in this document applies to any platform.
Oracle Financial Services Analytical Applications (OFSAA)
Oracle Financial Services Profitability Management (PFT)

Symptoms

After upgrading to PFT 8.0.6, attempting to save changes to a static table driver fails with the following error:

ERROR
[2000088] Found Security Vulnerability when adding a static table driver

The catalina.out file shows additional errors:
 [02-11-18 11:16:19,007 GMT AM] [DEBUG] [WEB] COMMONAPP - Infodom :FICMASTER
02-Nov-2018 12:16:19.009 WARNING [http-nio-8080-exec-3] org.owasp.esapi.reference.JavaLogFactory$JavaLogger.log [SECURITY FAILURE Anonymous:null@unknown -> /DefaultName/IntrusionDetector] Invalid input: context=ValidationFramework, type(OFS_PFT_STD_dim_names)=^[a-zA-Z0-9\_\~\,\@\(\)]+$, input=0,82.4294,0.445,0.4442,0.5734,0,4.0422,10.757,1.3064,0.0023
 org.owasp.esapi.errors.ValidationException: ValidationFramework: Invalid input. Please conform to regex ^[a-zA-Z0-9\_\~\,\@\(\)]+$ with a maximum length of 59

Based on the above, this is believed to be an issue with special characters. The dimension of this TABLE_ID (it has only one) contains leaves with / and - in their leaf names, even though none of them is used in the table ID.
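The validation failure in the catalina.out excerpt can be examined offline. The following is an added example, not Oracle's code: it parses the two ESAPI lines, then reports the length of the rejected value and which of its characters fall outside the logged whitelist. The function names and the log-field layout inferred from those two lines are assumptions.

```python
import re

# Constructed input: the two ESAPI lines from the catalina.out excerpt above.
SAMPLE_LOG = r"""02-Nov-2018 12:16:19.009 WARNING [http-nio-8080-exec-3] org.owasp.esapi.reference.JavaLogFactory$JavaLogger.log [SECURITY FAILURE Anonymous:null@unknown -> /DefaultName/IntrusionDetector] Invalid input: context=ValidationFramework, type(OFS_PFT_STD_dim_names)=^[a-zA-Z0-9\_\~\,\@\(\)]+$, input=0,82.4294,0.445,0.4442,0.5734,0,4.0422,10.757,1.3064,0.0023
org.owasp.esapi.errors.ValidationException: ValidationFramework: Invalid input. Please conform to regex ^[a-zA-Z0-9\_\~\,\@\(\)]+$ with a maximum length of 59"""

# Assumption: field layout inferred from the two lines above, nothing else.
ESAPI_LINE = re.compile(
    r"Invalid input: context=(?P<context>[^,]+), "
    r"type\((?P<rule>[^)]+)\)=(?P<pattern>.+?), input=(?P<value>.*)$")
MAX_LEN = re.compile(r"maximum length of (?P<n>\d+)")


def parse_failures(log_text):
    """Return one dict per ESAPI 'Invalid input' line found in log_text."""
    failures = []
    for line in log_text.splitlines():
        m = ESAPI_LINE.search(line)
        if m:
            failures.append(m.groupdict())
        elif failures and (n := MAX_LEN.search(line)):
            # The exception line that follows carries the length limit.
            failures[-1]["max_length"] = int(n.group("n"))
    return failures


def explain(failure):
    """Report whether the value is over-length and which characters are rejected."""
    rule = re.compile(failure["pattern"])
    value = failure["value"]
    # Valid for whitelist rules shaped like ^[...]+$ (as logged here):
    # each character can be tested against the rule on its own.
    rejected = sorted({ch for ch in value if not rule.fullmatch(ch)})
    limit = failure.get("max_length")
    return {
        "rule": failure["rule"],
        "length": len(value),
        "too_long": limit is not None and len(value) > limit,
        "rejected_chars": rejected,
    }


if __name__ == "__main__":
    for f in parse_failures(SAMPLE_LOG):
        print(explain(f))
```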

The issue can be reproduced at will with the following steps:
1. Upgrade to PFT 8.0.6
2. Attempt to save changes to a static table driver

Cause
