AG system is being activated DesktopDirect functionality enables a vulnerability that can be exploited.

Solution: Deny the ";" in 9090 port which is art server to aviod this issue.

old version use url https://<virtual site>/prx/000/http/localhost:9090/login/;/..%2F..%2F..%2F..%2F..%2Fquery/clientres?_uname=array

will get the leak information info like below.

  var _dd_client_res={"resources":{"DesktopDirectTCS.cab":{"ver":1,"url":"/prx/000/http/localhost/dd_clients/1/","CLSID":"A4E4C162-7EE3-47E1-A6B4-1BED1233616F","ActiveXVer":"4,0,0,56"},"JDesktopDirectTCS.jar":{"ver":56,"url":"/prx/000/http/localhost/dd_clients/1/","code":"com.desktopdirect.client.tcsgui"}}};
update version will get "Unable to process request Request denied by URL filtering"