Double extensions are allowed while adding attachments in Requests

Version 1
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BMC Digital Workplace Advanced


    COMPONENT:

    BMC Digital Workplace Basic


    APPLIES TO:

    All versions



    QUESTION:

    When adding an attachment from DWP in a request, system allows to add all extension types if an allowed extension is kept after the blocked one.

    Example – Changing file extension from abc.exe to abc.exe.doc. Windows treats this file as .doc file and not .exe. This will be allowed to be added.


    ANSWER:

     

       
    • Changing the file extension from exe to doc will not make the file vulnerable.
    •  
    • Application is allowing user to download the .doc file and not .exe
    •  
    • Customer can develop custom plugins for any other requirement such as attachment content validation and add them on the "Attachment Security" tab ("Attachment Validation plugin Name")
    •  
    • There are no vulnerability in the product that mandates a fix

     


    Article Number:

    000226144


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles