Any type of investment, projects or other non-project investment objects (NPIOs) have a potential to expose sensitive data if the end-user tampers with the URL, exposing the Team Staff and Team Detail pages on the investment.
Steps to Reproduce:
Expected Result: User should not have access to these pages and Usual error text: "Error 401 - Unauthorized. You are not authorized to view the page. If you are sure you have access, try logging in again or contact your system administrator should be displayed
Actual Result: An Alert is displayed but all the details related to staffing also displayed.
Release: ESPCLA99000-13.2-Clarity-Extended Support Plus