My Oracle Support Banner

ECM API Bypass Vulnerability 2 (Doc ID 2987565.1)

Last updated on NOVEMBER 21, 2023

Applies to:

Oracle Financial Services Enterprise Case Management - Version 8.0.7 and later
Information in this document applies to any platform.


We are doing security scan for ECM module.

We found some requests for now till allow unauthored user to use by replacing jsessionID.

1. /fccm/solution/cm/CM_NetworkView.jsp:
replicate by curl:
curl --location --request GET '' \
--header 'cookie: JSESSIONID=ZeYFjfLHx2fNBzlsN1RzfD6pHJc0YNvaM8kvxG9CEMZ2Pr9-RcJO!-362259616'

Expection: Application should not allow unauthored user to use.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.