Double extensions are allowed while adding attachments in Requests

Version 1
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    BMC Digital Workplace Advanced


    BMC Digital Workplace Basic


    All versions


    When adding an attachment from DWP in a request, system allows to add all extension types if an allowed extension is kept after the blocked one.

    Example – Changing file extension from abc.exe to abc.exe.doc. Windows treats this file as .doc file and not .exe. This will be allowed to be added.



    • Changing the file extension from exe to doc will not make the file vulnerable.
    • Application is allowing user to download the .doc file and not .exe
    • Customer can develop custom plugins for any other requirement such as attachment content validation and add them on the "Attachment Security" tab ("Attachment Validation plugin Name")
    • There are no vulnerability in the product that mandates a fix


    Article Number:


    Article Type:


      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles