My Oracle Support Banner

On Inward Remittance Inquiry Screen One Customer Able To View Transactions Of Another Customer (Doc ID 2782856.1)

Last updated on JANUARY 18, 2022

Applies to:

Oracle Banking Digital Experience - Version 18.3.0.0.0 and later
Information in this document applies to any platform.

Symptoms

ACTUAL BEHAVIOR
---------------
In OBDX 18.3, while trying to access Inward Remittance Inquiry screen, the corporate user is able to view the transactions initiated from other users.

It was found out that for users having no account mapped in User Account Access screen under Admin, the Account drop down search is not showing.As
per OBDX behavior, for such users these 2 screens should show No Accounts Mapped Alert, but the user is able to search for Payment History, Inward
Remittance & Upcoming Payments of other customers as well, just by entering the search parameters on the screen.

EXPECTED BEHAVIOR:
---------------
The screens Inward Remittance and Payment History Status should not support
search for users having no account mapped to them under User Account access.

STEPS:
--------
1. Log into OBDX as a corporate user having no account mapped to it.
2. Go to Inward Remittance Inquiry or Payment History Status screens.
3. No alert comes saying no accounts mapped to this user. Search for records
by entering some parameters.
4. Search results are displayed for different party ids not related to the
user logged in.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.