Even after restricting the .exe extension able to upload such attachments from both the Employee and Analyst interface.

Steps:

1. Modify the SDM repository to set 'Prohibited File Types ' as .exe/.XML

2. While uploading attachment use burf suit or some other way to replace a file name having .exe with a .txt file.

   3. Also, tweak the code to skip the validateFileExt method of the javascript layer

4. Upload of .exe file will be successful here.

CA Service Desk Manager 17.4

This is happening because we don't make any verification of the file extension in the uploadServlet java layer.

The fix for this issue will be part of 17.4 RU4.