Emails with Bad CC Addresses Sent with Private Server Name
(Doc ID 2309763.1)
Last updated on APRIL 22, 2019
Applies to:PeopleSoft Enterprise CS Student Records - Version 9.2 and later
Information in this document applies to any platform.
On : 9.2 version, Student Records Other
Emails with bad CC addresses sent with private server name
Go to send notification to the Advisor from student center page and enter a text in the CC area without a @url and send the email, the student center appends the private server name to the CC text, resulting in the person/people in the "To" address field being able to see our private server name in the CC area of their email. This is a security issue.
Is there a bug fix or a known configuration setting that can prevent the appending private server names to the emails?
Any bad email address/text in CC/To should not be appended with private server name
The issue can be reproduced at will with the following steps:
1. Login as a student, Navigate to Main Menu > Self Service > Student Center
2. Click "details" in the Advisor group box,
3. Click "Notify All Advisors" or select an advisor and click "Notify Selected Advisors"
4. Enter a text in the CC area without a @url (say - XYZ)
5. Hit Send Notification button
6. See the email the private server name is appended to the CC text (XYZ@servername.oracle.com), resulting in the person/people in the "To" address field being able to see the private server name in the CC area of their email. This is a security issue.
The issue has the following business impact:
This is a security issue
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document