File Upload Functionality Allows Files Of All Format Types To Be Uploaded (Doc ID 2723418.1)

Last updated on NOVEMBER 01, 2020

Applies to:

Oracle Banking Digital Experience - Version 20.1.0.0.0 and later
Information in this document applies to any platform.

Symptoms

ACTUAL BEHAVIOR
---------------
File upload allows files of all formats to be uploaded, although it is configured to allow only CSV, XML, XLS and XLSX.
This could potentially cause security issues.

Also, because the file is uploaded, an entry for it is stored in OBDX in digx_fu_filedetails, even though the file contains malicious data.

EXPECTED BEHAVIOR
-----------------------
Only allowed file types (csv, xls, xlsx, fixed length) should be uploaded.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Log into OBDX as a Corporate user.
2. Go to File Upload screen.
3. Select File Identifier and select a file to upload.
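
The expected behavior above, as an added example that is not Oracle's or OBDX's code: a server-side allowlist check that validates both the extension and the content signature, intended to run before any file record is written. The function names and content checks are assumptions, and the fixed length format is left out because the note gives no extension for it.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Allowlist built from the configured types named in the note.
ALLOWED_EXTENSIONS = {"csv", "xml", "xls", "xlsx"}
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls container signature


def _is_text(data: bytes) -> bool:
    """True if data is UTF-8 with no control characters besides tab/CR/LF."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch in "\t\r\n" or ord(ch) >= 0x20 for ch in text)


def _is_xlsx(data: bytes) -> bool:
    """True if data is a ZIP archive that contains an Excel workbook part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "xl/workbook.xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def validate_upload(filename: str, data: bytes) -> tuple:
    """Return (accepted, reason); hypothetical hook called before persisting."""
    name = PurePosixPath(filename.replace("\\", "/")).name
    if "\x00" in name or "." not in name:
        return False, "missing or malformed extension"
    ext = name.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension '{ext}' not allowed"
    if ext == "xlsx":
        ok = _is_xlsx(data)
    elif ext == "xls":
        ok = data.startswith(OLE2_MAGIC)
    elif ext == "xml":
        ok = _is_text(data) and data.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"<")
    else:  # csv
        ok = _is_text(data) and len(data) > 0
    return (True, "ok") if ok else (False, f"content does not match .{ext}")


if __name__ == "__main__":
    # Constructed samples: a disallowed type and a genuine CSV.
    print(validate_upload("payload.jsp", b"<% out.print(1); %>"))
    print(validate_upload("payments.csv", b"id,amount\n1,100.00\n"))
```

Only the final extension is trusted, so a name such as `report.csv.exe` is rejected, and a file whose bytes do not match its claimed type is refused even when the extension is on the allowlist.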
