We're running a Web Agent and this one reports in the logs the SMSESSION value
"SMSESSION=data_supressed" but on the same transaction, on
auto-authorize URL, the SMSESSION is visible in the logs.
We'd like to know why ?
We refer to this given fix in 12.52SP1CR09 :
Defects Fixed in 12.52 SP1 CR09
00979227 DE350367
SMSESSION logs the SMQUERYDATA value when it is passes as a query in a URL.
https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr09#DefectsFixedin12.52SP1CR09-WebAgent
Is that a vulnerability ?
Web Agent 12.52SP1CR09
The above fix is not about a vulnerability. It's about Web Agent
logging which produces a crash of the Web Agent on protected
resource.