Fixed defects

This section describes the fixed defects in the 10.0 version of Marketing Platform.

DEF 195923 You were unable to open the eMessage editor when the Marketing Platform audit feature was enabled. This has been fixed.
APAR 191593, DEF 189379 Scheduling multiple runs over a long period of time caused poor performance. This has been fixed.
APAR PO04930, DEF 190408 An exception occurred when you deleted old trigger-based schedules. This has been fixed.
APAR PO04977, DEF 191457 The Scheduled tasks and Scheduled runs pages became unresponsive if you selected the All pagination link or clicked Refresh when a large number of records was present . This has been fixed.
PMR 77210, PMR 208366, PMR 206714, PMR 190824, PMR 191458 The Scheduled tasks and Scheduled runs pages were slow to refresh when sorting, paging, and filtering. This has been fixed.
APAR PI35736, DEF 185447 When Marketing Platform was in a multi-partition environment and was integrated with Cognos for reporting, dashboard portlets showed only partition1 data for all partitions. This has been fixed.
PMR 210697 Editing a schedule caused the schedule to run unexpectedly when changes were saved. This has been fixed
APAR PO05741, DEF 210944 An XML external entity (XXE) vulnerability existed for Marketing Platform URLs. This issue has been fixed.
APAR PO05878, DEF 215727 A cross-site scripting (XSS) attack could be carried out when you edited dashboard portlets, and an open redirect was possible through the Scheduled Runs page. This issue has been fixed.
APAR PO05732, DEF 210793 If you changed the throttling group for a schedule that was configured to run on a trigger, the schedule ran unexpectedly. This issue has been fixed.
APAR PO05662, DEF 206810 To implement SAML 2.0 based federated authentication, you must run some SQL scripts against your Marketing Platform system tables. There was a syntax error in the DatabaseScript_DB2.sql file that caused an error. This issue has been fixed.
APAR PO05004, DEF 192037 A persistent cross-site scripting (XSS) attack could be carried out using the navigation URL configuration property in Marketing Platform. This has been fixed.
APAR PO05683, DEF 208130 In an environment integrated with SiteMinder, users who were logged in to Marketing Operations and who then logged out could return to Marketing Operations as an "Unknown user" without being properly authenticated. This has been fixed.
APAR PO05712, DEF 210187 There was a cross site request forgery vulnerability. This has been fixed.
APAR PO05621, DEF 205746 You could not use the Oracle failover JDBC connection string. Long oracle failover URLs did not work in Marketing Platform JDBC connections.

A code change now allows the system to read the JDBC information from the following JVM parameters. Add these parameters to all JVMs that share the same Marketing Platform database.


-DUNICA_PLATFORM_DB_HOSTNAME=Marketing_Platform_database_host
-DUNICA_PLATFORM_DB_PORT=Marketing_Platform_database_port
-DUNICA_PLATFORM_DB_DBNAME=Marketing_Platform_database_name
Note: You can use any value as the host name. This name is used internally to identify the Marketing Platform database.
Enhancement 204263 Added single sign-on to Marketing Platform using the SAML 2.0 protocol.
APAR PO05004, DEF 193847 A persistent cross-site scripting (XSS) attack could be carried out using the Edit job notification window for the HCL® Marketing Software Scheduler. This issue has been fixed.
APAR PO05296, DEF 198529 Email notifications stopped working because of an integrity constraint error when the application tried to remove old notifications. This issue has been fixed.
Enhancement 192486, PMR 192256 When a Distributed Marketing user logged in as a field marketer tried to run an on-demand campaign, the following error was generated in Campaign: This action requires proper privileges. This issue has been fixed.
APAR PO05412 DEF 200922 A user could add data to user detail fields for external users that were imported from an LDAP server, although these fields should be read only. These changes could be saved. This issue has been fixed.
APAR PO05117, DEF 194371 The application lacked click jacking protection. Attackers could trick users into clicking and invoking unwanted requests. This has been fixed.
APAR PO05120, DEF 194413 When a Cognos report custom portlet was created in a dashboard, it appeared blank in the Chrome browser. This has been fixed.
APAR PO05246, DEF 197664 Periodic 1717 error messages were thrown in the campaignweb.log. This issue has been fixed.
PMR216025 Campaign flowcharts were loading slowly. This has been fixed.
PMR 51165 There was a cross-site scripting vulnerability on the Scheduled Tasks page in the HCL Marketing Software Scheduler. This page took input from the user and sent it back to the browser as part of the HTML response without validation or encoding. This has been fixed.