SecurID® Governance & Lifecycle Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID Governance & Lifecycle experts.
Article Number
000036944
Applies To
RSA Product Set: Identity Governance & Lifecycle
RSA Product/Service Type: Enterprise Software
RSA Version/Condition: 7.0.1, 7.0.2, 7.1.x
RSA Product/Service Type: Enterprise Software
RSA Version/Condition: 7.0.1, 7.0.2, 7.1.x
Issue
The Access Request Manager (ARM) provides a mechanism to upload and download attachments related to a specific access request. It allows for the executable file to be uploaded and attached to the request. However, this process does not check uploaded files for viruses. Therefore, context was able to upload and subsequently download a benign virus test file (EICAR) through the system, using this upload feature.
Image description
Image descriptionResolution
There are steps to restrict the file types that can be attached to a request ( .doc, .png, and so on).
Image description
Image description
Image description
Image description
Image description
8. Click Choose File to select a file that has an extension that matches the one(s) defined in step 3.
Image description
9. Click Upload Attachment. The file with the valid file extension is accepted.
Image description
- Go to Requests > Configuration.
Image description- Click Edit.
- Enter the valid file extensions into the text box labeled Valid extensions for request: attachments (comma separated).
Image description- Click OK to save.
Image description- To test this configuration change. create a Change Request then select the Change Request.
- Click Choose File to select an .exe file.
Image description- Click Upload Attachment and the following message should display:
Invalid extension for upload.
Image description 8. Click Choose File to select a file that has an extension that matches the one(s) defined in step 3.
Image description9. Click Upload Attachment. The file with the valid file extension is accepted.
Image descriptionIn this article
