What are the risks of using the FreeMarker variables utilLocator, objectUtil, and staticUtil?

Issue

  • The variables utilLocator, objectUtil, and staticUtil are restricted and inaccessible to the FreeMarker engine.
  • What are the risks of using these variables?

Environment

  • All environments

Resolution

  • If there are no restrictions, FreeMarker templates (ADT) can access critical portal components. Depending on the privileges of the variable in question, this can let FreeMarker templates access privileged portal resources.
  • To mitigate this risk, give the necessary permissions only to trusted users. By limiting who can add or update templates in your environment, you minimize the risk of potential exploitation.
  • A review of the owners of existing templates may also be required, as they have full privileges on those templates.
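
To support the template review described above, the following added example (not Liferay's own code) scans exported template text and reports each line that references one of the three variables. It assumes the default angle-bracket FreeMarker syntax and simple expressions without nested braces; the sample template and its class names are constructed.

```python
import re

# Variable names taken from the article.
RESTRICTED = ("utilLocator", "objectUtil", "staticUtil")

# FreeMarker comments (<#-- ... -->) are never evaluated. They are blanked
# out, keeping newlines, so reported line numbers match the original file.
_COMMENT = re.compile(r"<#--.*?-->", re.DOTALL)
# Expressions live in ${...} interpolations and <#...> / <@...> directive tags.
_EXPR = re.compile(r"\$\{[^}]*\}|</?[#@][^>]*>", re.DOTALL)
# Match the bare variable only, not a property (x.staticUtil) or a longer name.
_NAME = re.compile(r"(?<![\w.])(" + "|".join(RESTRICTED) + r")\b")


def _blank(match):
    return re.sub(r"[^\n]", " ", match.group(0))


def find_restricted_refs(template_text):
    """Return sorted (line_number, variable) pairs for each reference."""
    text = _COMMENT.sub(_blank, template_text)
    hits = set()
    for expr in _EXPR.finditer(text):
        for name in _NAME.finditer(expr.group(0)):
            offset = expr.start() + name.start()
            hits.add((text.count("\n", 0, offset) + 1, name.group(1)))
    return sorted(hits)


# Constructed sample template; the class names are placeholders.
SAMPLE = """<#-- staticUtil is mentioned here only in a comment -->
<#assign svc = utilLocator.findUtil("com.example.SampleUtil")>
<p>${entry.title}</p>
<#assign cls = staticUtil["com.example.SampleUtil"]>
<p>The word objectUtil in plain text is not an expression.</p>
${objectUtil("com.example.Sample")}
"""

if __name__ == "__main__":
    for line_no, variable in find_restricted_refs(SAMPLE):
        print(f"line {line_no}: references {variable}")
```

Templates flagged by the scan are the ones whose owners and edit permissions should be reviewed first.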
