Security weaknesses in the Taleo application

edited Oct 2, 2018 7:39AM in Taleo Enterprise 6 comments

Summary

Security weaknesses in the Taleo application

Content

Hi,

Need to address the following security weakness identified by our internal audit team for the Taleo application.

 

Upon applying to the specific job, it allows interested candidates to upload their resumes on the portal.

VULNERABILITY

Inappropriate Uploading Mechanism.

OBSERVATION

During the assessment, it was identified that an attacker can attach and upload any type of file using the uploading mechanism. This vulnerability also allows an attacker to perform CSV injection and reflected file download vulnerabilities.

 

RISK

This vulnerability allows an attacker to upload malicious file contents such as .php, .xml, .exe, etc.
Furthermore, by uploading a malicious file, an attacker could execute arbitrary commands on the victim machine.
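
The server-side controls that would close the three findings above (unrestricted file type, CSV injection, reflected file download), as an added example that is not part of the original post and is not Taleo code. The allowlist, the function names and the fixed download name `resume` are assumptions chosen for illustration.

```python
import os
import re

# Assumed allowlist for a resume field: extension -> leading bytes of that format.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),                        # OOXML is a ZIP container
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),   # OLE2 compound file
}
# Leading characters that make a spreadsheet evaluate a cell as a formula.
FORMULA_LEAD = ("=", "+", "-", "@", "\t", "\r")


def validate_resume(filename: str, data: bytes):
    """Return (accepted, reason) for one uploaded file."""
    # Drop any client-supplied directory part before looking at the name.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9 _.-]{0,99}", base):
        return False, "unsafe characters in name"
    # One extension only, so the stored name carries a single allowlisted type.
    if base.count(".") != 1:
        return False, "multiple extensions"
    # The content must start with the signature of the claimed format.
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    return True, "ok"


def neutralise_csv_cell(value: str) -> str:
    """Prefix a quote so an exported cell is read as text, not as a formula."""
    return "'" + value if value.startswith(FORMULA_LEAD) else value


def download_headers(stored_ext: str) -> dict:
    """Headers that force a download under a server-chosen name and type."""
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="resume{stored_ext}"',
        "X-Content-Type-Options": "nosniff",
    }
```

A signature check only confirms the file's leading bytes, so accepted files still belong in storage outside the web root and in front of a malware scanner.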
