Fusion Workforce Directory: Users Can Access Personal Information Of Any Employee Across The Enterprise Via Portrait Gallery. (Doc ID 1915026.1)

Last updated on APRIL 07, 2016

Applies to:

Oracle Fusion Workforce Directory Management - Version 11.1.8.0.0 and later
Information in this document applies to any platform.

Symptoms

STATEMENT OF THE ISSUE:
-----------------------------------
Users can access personal information of any employee across the enterprise via Portrait Gallery. When pulling another employee up in Person Gallery, users can access inappropriate data by clicking on the Personal Info and Benefits radio buttons. They then have access to information including national identification number, compensation level, home address and phone, contact/dependent information.


STEPS TO REPLICATE
--------------------
1. Login as an employee and Navigate to Person Gallery.
2. Search for any other employee
3. Click on the Person name to open the Gallery details of the person.
4. Note that the employee can see all the personal information of other employee whom he searched.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms