Fortify Scan Does Not Pass For Some BRM SQL Scripts
(Doc ID 2629269.1)
Last updated on FEBRUARY 28, 2024
Applies to:
Oracle Communications Billing and Revenue Management - Version 7.5.0.19.0 to 12.0.0.5.0 [Release 7.5.0 to 12.0.0]
Information in this document applies to any platform.
Symptoms
When Fortify is used to scan the SQL scripts shipped with Oracle Communications Billing and Revenue Management (BRM), it reports security vulnerabilities in some of them. The expectation is that BRM SQL scripts contain no vulnerabilities.
This is the detailed report:
| Severity | Category/Error code | Location | Description |
|---|---|---|---|
| High | Privilege Management: Default Function or Procedure Rights | 31_create_fn_list_dir.sql | The top-level function or procedure list_dir in 31_create_fn_list_dir.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | create_rel_tables_oracle.sql | The top-level function or procedure column_exists in create_rel_tables_oracle.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | create_rel_tables_oracle.sql | The top-level function or procedure index_exists in create_rel_tables_oracle.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | create_rel_tables_oracle.sql | The top-level function or procedure table_exists in create_rel_tables_oracle.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | fix_data_dictionary.sql | The top-level function or procedure test_conversion in fix_data_dictionary.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | func_brm_time_EDT.sql | The top-level function or procedure brm_to_date in func_brm_time_EDT.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | func_brm_time_EDT.sql | The top-level function or procedure date_to_brm in func_brm_time_EDT.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | func_from_unix_dt.sql | The top-level function or procedure from_unix_dt in func_from_unix_dt.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | func_to_delayed_poid.sql | The top-level function or procedure to_delayed_poid in func_to_delayed_poid.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | func_to_realt_poid.sql | The top-level function or procedure to_realt_poid in func_to_realt_poid.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | func_to_unix_dt.sql | The top-level function or procedure to_unix_dt in func_to_unix_dt.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | update_v6.7.4_v6.7.5.sql | The top-level function or procedure proc_create_idx_dupchk in update_v6.7.4_v6.7.5.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | update_v6.7.4_v6.7.5.sql | The top-level function or procedure proc_drop_idx_dupchk in update_v6.7.4_v6.7.5.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Function or Procedure Rights | update_v6.7.4_v6.7.5.sql | The top-level function or procedure proc_check_idx_dupchk in update_v6.7.4_v6.7.5.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Package Rights | create_acct_sync_pkg.sql | The package acct_sync in create_acct_sync_pkg.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Package Rights | create_amt_mv_pkb.sql | The package amt_mv in create_amt_mv_pkb.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Package Rights | create_portal_sync_pkg.sql | The package portal_sync in create_portal_sync_pkg.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
| High | Privilege Management: Default Package Rights | fix_data_dictionary.sql | The package pin_fix_dd in fix_data_dictionary.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER. |
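The rule behind every finding above (a top-level function, procedure or package with no AUTHID clause defaults to AUTHID DEFINER) can be reproduced with a small pre-scan check over the script text. This is an added example, not Oracle's or Fortify's code; the regex heuristic, the function names and the demo_* units in the constructed sample are assumptions.

```python
import re

# Header of a top-level stored unit. PACKAGE BODY is skipped because the
# AUTHID clause belongs to the package specification, not the body.
UNIT_RE = re.compile(
    r"\bCREATE\s+(?:OR\s+REPLACE\s+)?(?:(?:NON)?EDITIONABLE\s+)?"
    r"(FUNCTION|PROCEDURE|PACKAGE)\s+(?!BODY\b)"
    r"((?:\"[^\"]+\"|[\w$#]+)(?:\.(?:\"[^\"]+\"|[\w$#]+))?)",
    re.IGNORECASE,
)
# The header ends at the first IS/AS keyword (heuristic: string literals
# in parameter defaults are not parsed).
HEADER_END_RE = re.compile(r"\b(?:IS|AS)\b", re.IGNORECASE)
AUTHID_RE = re.compile(r"\bAUTHID\s+(?:CURRENT_USER|DEFINER)\b", re.IGNORECASE)

def strip_comments(sql):
    """Remove /* */ and -- comments so a commented-out AUTHID does not count."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.DOTALL)
    return re.sub(r"--[^\n]*", " ", sql)

def find_default_authid(sql):
    """Return (kind, name) for each top-level unit with no explicit AUTHID."""
    text = strip_comments(sql)
    findings = []
    for m in UNIT_RE.finditer(text):
        end = HEADER_END_RE.search(text, m.end())
        header = text[m.end(): end.start() if end else len(text)]
        if not AUTHID_RE.search(header):
            findings.append((m.group(1).upper(), m.group(2)))
    return findings

# Constructed sample, not taken from any BRM script.
SAMPLE = """
CREATE OR REPLACE FUNCTION demo_exists (p_name IN VARCHAR2) RETURN NUMBER
IS BEGIN RETURN 1; END;
/
CREATE OR REPLACE PROCEDURE demo_report AUTHID CURRENT_USER
AS BEGIN NULL; END;
/
CREATE OR REPLACE PACKAGE demo_pkg AS
  PROCEDURE run;
END demo_pkg;
/
CREATE OR REPLACE PACKAGE BODY demo_pkg AS
  PROCEDURE run IS BEGIN NULL; END;
END demo_pkg;
/
"""

if __name__ == "__main__":
    for kind, name in find_default_authid(SAMPLE):
        print(f"{kind} {name}: no AUTHID clause, defaults to AUTHID DEFINER")
```

An explicit AUTHID DEFINER is not reported, since the findings concern the missing clause rather than the chosen rights model.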
Cause