Vulnerabilities on Run Rule Framework – Process page. (Doc ID 3024304.1)

Last updated on MAY 28, 2024

Applies to:

Oracle Financial Services Analytical Applications Infrastructure - Version 8.1.2.3 and later
Information in this document applies to any platform.

Symptoms

On: 8.1.2 version, Administration_OFSS

A high-privilege user may embed an XSS payload in self-owned processes, which affects all users who land on the target page.

Steps
-----------------------
The issue can be reproduced at will with the following steps:

Log in as a high-privilege user > Common tasks > Rule run framework > Process > create a new process or edit a self-owned process > inject an XSS payload in the master information Name parameter.

BUSINESS IMPACT
-----------------------
The issue has the following business impact: Due to this issue, the application is vulnerable to attacks.

Changes

 

Cause
