Download Some Excel Files Without Authentication
(Doc ID 2830865.1)
Last updated on JUNE 27, 2023
Applies to:
Oracle Financial Services Transaction Filtering - Version 8.0.8.1.0 and laterInformation in this document applies to any platform.
Goal
In security assessment and testing an unauthenticated user can download any excel file through the function "/servlet/ExcelUploadServlet" on the application
Steps to reproduce :
1. Login to TF Analyst
2. Assign alerts to the user
3. Click on attach and download the excel attachment
Expected Behavior:
Only Authorized user should download the excel attachments in alerts.
Actual result :
Unauthenticated user can download any excel file through the function "/servlet/ExcelUploadServlet"
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |