Question

Security Risk - Private Outlook Content Visible to all

Hi,

I have reported to BPM support under ticket ref: #SR-0797073 an issue I have found with using Outlook calendars that sync with BPM.

When marking within Outlook a meeting/event as Private, this is used to prevent users who have access to view (read) your calendar that you are busy, but does not show the subject or body content of that event as you have marked it not to be visible to anyone else.

However, when that event is sync'd to BPM and is shown in your calendar within the BPM calendar screen the full subject and message body is displayed. Therefore, BPM is not maintaining the secure status of that event and preventing other users seeing what you do not wish to share.

I am posting this on here, as so far all I am getting is that they will look into this and I consider this to be a serious security issue with sensitive information being displayed by BPM that should not be.

Like 1

Like

1 comments

Dear Mark,

I have forwarded your request to our business analysts. They will evaluate the possibility of implementation in future system releases. Thank you for your suggestion! 

Best regards,

Angela

Show all comments