File upload not validating extension
We have recently purchased/installed DevTest 10.6 and our security team has shared the below findings:
Many applications use file upload features to load various data and allow editing. However, only the file types permitted by the application's process should be allowed for upload. The application's needs should be observed when determining which file types to allow. Otherwise, attackers can upload a different file type to perform attacks such as defacement, command execution, roaming system files, and exploiting local vulnerabilities.
Release : 10.6
Component : CA Service Virtualization
N/A
This will be addressed in DevTest 10.7
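The finding above calls for an allowlist of upload file types. The following server-side check is an added example, not DevTest code and not the 10.7 fix. The function name, exception class and allowlist contents are hypothetical.

```python
import os
import unicodedata

# Assumption: hypothetical allowlist; set it to the types the application needs.
ALLOWED_EXTENSIONS = frozenset({".xml", ".json", ".csv"})
MAX_NAME_LENGTH = 255


class UploadRejected(ValueError):
    """Raised when an uploaded file name fails validation."""


def validate_upload_name(client_name: str, allowed=ALLOWED_EXTENSIONS) -> str:
    """Return a safe base name for storage, or raise UploadRejected."""
    # Fold compatibility characters (e.g. full-width letters) before comparing.
    name = unicodedata.normalize("NFKC", client_name)
    # Control characters (including NUL) can truncate the name in lower layers.
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in name):
        raise UploadRejected("control character in file name")
    # Keep only the last path component, for both separator styles.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces, so "a.jsp." is stored as "a.jsp".
    name = name.rstrip(". ")
    if not name or len(name) > MAX_NAME_LENGTH:
        raise UploadRejected("empty or over-long file name")
    stem, ext = os.path.splitext(name)
    if not stem or ext.lower() not in allowed:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    # Every inner extension must also be allowlisted ("report.jsp.xml" fails),
    # since some servers choose a handler from any extension in the name.
    for part in stem.split(".")[1:]:
        if "." + part.lower() not in allowed:
            raise UploadRejected(f"inner extension {part!r} is not allowed")
    return stem + ext.lower()
```

This check governs the file name only. It does not inspect the uploaded content.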