[2000088] Found Security Vulnerability Error When Updating or Creating Static Table Driver in PFT 8.0.6
(Doc ID 2479386.1)
Last updated on MAY 25, 2023
Applies to:
Oracle Financial Services Profitability Management - Version 8.0.6 and later
Information in this document applies to any platform.
Oracle Financial Services Analytical Applications (OFSAA)
Oracle Financial Services Profitability Management (PFT)
Symptoms
After upgrading to PFT 8.0.6, attempting to save changes to a static table driver fails with the following error:
ERROR
[2000088] Found Security Vulnerability when adding a static table driver
The catalina.out file shows additional errors:
[02-11-18 11:16:19,007 GMT AM] [DEBUG] [WEB] COMMONAPP - Infodom :FICMASTER
02-Nov-2018 12:16:19.009 WARNING [http-nio-8080-exec-3] org.owasp.esapi.reference.JavaLogFactory$JavaLogger.log [SECURITY FAILURE Anonymous:null@unknown -> /DefaultName/IntrusionDetector] Invalid input: context=ValidationFramework, type(OFS_PFT_STD_dim_names)=^[a-zA-Z0-9\_\~\,\@\(\)]+$, input=0,82.4294,0.445,0.4442,0.5734,0,4.0422,10.757,1.3064,0.0023
org.owasp.esapi.errors.ValidationException: ValidationFramework: Invalid input. Please conform to regex ^[a-zA-Z0-9\_\~\,\@\(\)]+$ with a maximum length of 59
Based on the above, the issue is believed to be related to special characters. The dimension of this TABLE_ID (it has only one) has leaves that contain / and - in their leaf names, even though none of them is used in the table ID.
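A triage helper for this kind of ESAPI failure, added here as an example (it is not Oracle's or ESAPI's code): it parses the two catalina.out lines shown above, extracts the rule's character class and length limit, and reports which characters of the logged input fall outside the class. The function name `explain_rejection` and the returned field names are assumptions, and Python's `re` stands in for the Java regex engine, which treats this simple character class the same way.

```python
import re

# Log lines copied from the catalina.out excerpt on this page.
WARNING_LINE = (
    r"02-Nov-2018 12:16:19.009 WARNING [http-nio-8080-exec-3] "
    r"org.owasp.esapi.reference.JavaLogFactory$JavaLogger.log [SECURITY FAILURE "
    r"Anonymous:null@unknown -> /DefaultName/IntrusionDetector] Invalid input: "
    r"context=ValidationFramework, type(OFS_PFT_STD_dim_names)="
    r"^[a-zA-Z0-9\_\~\,\@\(\)]+$, "
    r"input=0,82.4294,0.445,0.4442,0.5734,0,4.0422,10.757,1.3064,0.0023"
)
EXCEPTION_LINE = (
    r"org.owasp.esapi.errors.ValidationException: ValidationFramework: Invalid input. "
    r"Please conform to regex ^[a-zA-Z0-9\_\~\,\@\(\)]+$ with a maximum length of 59"
)

# Hypothetical parsers for the message layout seen in the excerpt above.
FAILURE_RE = re.compile(r"type\((?P<rule>[^)]+)\)=(?P<regex>.+?), input=(?P<value>.*)$")
MAXLEN_RE = re.compile(r"maximum length of (?P<n>\d+)")
WHITELIST_RE = re.compile(r"^\^(?P<cls>\[.+\])\+\$$")  # rules shaped like ^[...]+$


def explain_rejection(warning_line, exception_line):
    """Report why an ESAPI whitelist rule rejected the logged input."""
    failure = FAILURE_RE.search(warning_line)
    if failure is None:
        raise ValueError("not an ESAPI 'Invalid input' line")
    rule, regex, value = failure.group("rule", "regex", "value")
    limit = MAXLEN_RE.search(exception_line)
    max_len = int(limit.group("n")) if limit else None
    shape = WHITELIST_RE.match(regex)
    if shape is None:
        raise ValueError("rule is not of the form ^[...]+$")
    # Test each character on its own against the rule's character class.
    allowed = re.compile(shape.group("cls"))
    rejected = sorted({ch for ch in value if not allowed.fullmatch(ch)})
    return {
        "rule": rule,
        "length": len(value),
        "max_length": max_len,
        "too_long": max_len is not None and len(value) > max_len,
        "rejected_chars": rejected,
    }


if __name__ == "__main__":
    print(explain_rejection(WARNING_LINE, EXCEPTION_LINE))
```

On the lines logged above it returns `.` as the only character outside the class, with an input length of 59 against the stated maximum of 59.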
The issue can be reproduced at will with the following steps:
1. Upgrade to PFT 8.0.6
2. Attempt to save changes to a static table driver
Changes
Cause