Emails with Bad CC Addresses Sent with Private Server Name

(Doc ID 2309763.1)

Last updated on OCTOBER 01, 2017

Applies to:

PeopleSoft Enterprise CS Student Records - Version 9.2 and later
Information in this document applies to any platform.

Symptoms

On : 9.2 version, Student Records Other

ACTUAL BEHAVIOR
---------------
Emails with bad CC addresses sent with private server name

Go to send a notification to the Advisor from the Student Center page, enter text in the CC area without a @url, and send the email. The Student Center appends the private server name to the CC text, so the person/people in the "To" address field can see our private server name in the CC area of their email. This is a security issue.

Is there a bug fix or a known configuration setting that can prevent the appending of private server names to the emails?

EXPECTED BEHAVIOR
-----------------------
Any bad email address/text in CC/To should not have the private server name appended to it.

STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. Log in as a student and navigate to Main Menu > Self Service > Student Center.
2. Click "details" in the Advisor group box.
3. Click "Notify All Advisors", or select an advisor and click "Notify Selected Advisors".
4. Enter text in the CC area without a @url (say, XYZ).
5. Click the Send Notification button.
6. Check the email: the private server name is appended to the CC text (XYZ@servername.oracle.com), so the person/people in the "To" address field can see the private server name in the CC area of their email. This is a security issue.

BUSINESS IMPACT
-----------------------
The issue has the following business impact:
This is a security issue
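
One way to enforce the expected behavior before a message reaches the mail system, as an added example (not Oracle's or PeopleSoft's code): reject any To/CC entry that has no domain, so nothing downstream can qualify it with a host name, and also reject entries that already carry an internal host name. The function name, reason labels and suffix list are assumptions; servername.oracle.com is the sample host name from step 6.

```python
import re

# Assumed list of internal host suffixes that must not appear in outbound
# headers; the single entry is the sample name from the reproduction steps.
INTERNAL_SUFFIXES = ("servername.oracle.com",)

# Deliberately simple shape check: one "@", dotted domain, alphabetic TLD.
_ADDR = re.compile(r"^[^@\s]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")


def _is_internal(domain, suffixes):
    """True if domain equals, or is a subdomain of, an internal suffix."""
    domain = domain.lower()
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def check_recipients(field, internal_suffixes=INTERNAL_SUFFIXES):
    """Split a To/CC field on ',' or ';' and classify each entry.

    Returns (accepted, rejected); rejected holds (entry, reason) tuples.
    """
    accepted, rejected = [], []
    for raw in re.split(r"[;,]", field):
        entry = raw.strip()
        if not entry:
            continue
        if "@" not in entry:
            # Bare text such as "XYZ": the case from the steps above.
            rejected.append((entry, "unqualified"))
        elif not _ADDR.match(entry):
            rejected.append((entry, "malformed"))
        elif _is_internal(entry.rsplit("@", 1)[1], internal_suffixes):
            rejected.append((entry, "internal-host"))
        else:
            accepted.append(entry)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample CC field, not taken from a real message.
    sample = "XYZ; advisor@example.edu, XYZ@servername.oracle.com, bad@@x"
    ok, bad = check_recipients(sample)
    print("send to:", ok)
    for entry, reason in bad:
        print("rejected:", entry, "-", reason)
```
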

Cause
