We're running a Web Agent and this one reports in the logs the SMSESSION value
"SMSESSION=data_supressed" but on the same transaction, on
auto-authorize URL, the SMSESSION is visible in the logs.
We'd like to know why ?
We refer to this given fix in 12.52SP1CR09 :
Defects Fixed in 12.52 SP1 CR09
SMSESSION logs the SMQUERYDATA value when it is passes as a query in a URL.
Is that a vulnerability ?
Web Agent 12.52SP1CR09
The above fix is not about a vulnerability. It's about Web Agent
logging which produces a crash of the Web Agent on protected