My Oracle Support Banner

ETL9.2: Data Breach Possible When Using "Edit Time" From The Time Ssummary Page. (Doc ID 2661219.1)

Last updated on APRIL 23, 2020

Applies to:

PeopleSoft Enterprise HCM Time and Labor - Version 9.2 and later
Information in this document applies to any platform.

Symptoms

By using the functionality "Edit Time" from the Time Summary page it is possible to access any timesheet from the system.


STEPS
-----------------------

1. Login as Employee 'ABC'.
2. Enter Time on fluid page on Week 1
3. Login as Employee 'DEF'
4. Enter Time on fluid page on Week 1
5. Open the Time Summary page
6. Click on the Actions button and Edit Time on one of the day with reported time
7. On the URL, replace the EMPLID parameter DEF by ABC that opening other employee Timesheet.

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.