This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
BMC Digital Workplace Advanced
BMC Digital Workplace Basic
When adding an attachment from DWP in a request, system allows to add all extension types if an allowed extension is kept after the blocked one.
Example – Changing file extension from abc.exe to abc.exe.doc. Windows treats this file as .doc file and not .exe. This will be allowed to be added.
- Changing the file extension from exe to doc will not make the file vulnerable.
- Application is allowing user to download the .doc file and not .exe
- Customer can develop custom plugins for any other requirement such as attachment content validation and add them on the "Attachment Security" tab ("Attachment Validation plugin Name")
- There are no vulnerability in the product that mandates a fix