Download Some Excel Files Without Authentication (Doc ID 2830865.1)

Last updated on JUNE 27, 2023

Applies to:

Oracle Financial Services Transaction Filtering - Version 8.0.8.1.0 and later
Information in this document applies to any platform.

Goal

In security assessment and testing an unauthenticated user can download any excel file through the function "/servlet/ExcelUploadServlet" on the application

Steps to reproduce :

1. Login to TF Analyst

2. Assign alerts to the user

3. Click on attach and download the excel attachment

Expected Behavior:

Only Authorized user should download the excel attachments in alerts.

Actual result :

Unauthenticated user can download any excel file through the function "/servlet/ExcelUploadServlet"

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Download Some Excel Files Without Authentication (Doc ID 2830865.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!