Fortify Scan Does Not Pass For Some BRM SQL Scripts (Doc ID 2629269.1)

Last updated on JANUARY 30, 2020

Applies to:

Oracle Communications Billing and Revenue Management - Version 7.5.0.19.0 and later
Information in this document applies to any platform.

Symptoms

When Fortify is used to scan the SQL scripts shipped with Oracle Communications Billing and Revenue Management (BRM), security vulnerabilities are identified in some of them. The expectation is that the BRM SQL scripts contain no vulnerabilities.

This is the detailed report:

Severity  Category/Error code                                         Location                      Description
High      Privilege Management: Default Function or Procedure Rights  31_create_fn_list_dir.sql     The top-level function or procedure list_dir in 31_create_fn_list_dir.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  create_rel_tables_oracle.sql  The top-level function or procedure column_exists in create_rel_tables_oracle.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  create_rel_tables_oracle.sql  The top-level function or procedure index_exists in create_rel_tables_oracle.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  create_rel_tables_oracle.sql  The top-level function or procedure table_exists in create_rel_tables_oracle.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  fix_data_dictionary.sql       The top-level function or procedure test_conversion in fix_data_dictionary.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  func_brm_time_EDT.sql         The top-level function or procedure brm_to_date in func_brm_time_EDT.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  func_brm_time_EDT.sql         The top-level function or procedure date_to_brm in func_brm_time_EDT.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  func_from_unix_dt.sql         The top-level function or procedure from_unix_dt in func_from_unix_dt.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  func_to_delayed_poid.sql      The top-level function or procedure to_delayed_poid in func_to_delayed_poid.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  func_to_realt_poid.sql        The top-level function or procedure to_realt_poid in func_to_realt_poid.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  func_to_unix_dt.sql           The top-level function or procedure to_unix_dt in func_to_unix_dt.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  update_v6.7.4_v6.7.5.sql      The top-level function or procedure proc_create_idx_dupchk in update_v6.7.4_v6.7.5.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  update_v6.7.4_v6.7.5.sql      The top-level function or procedure proc_drop_idx_dupchk in update_v6.7.4_v6.7.5.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Function or Procedure Rights  update_v6.7.4_v6.7.5.sql      The top-level function or procedure proc_check_idx_dupchk in update_v6.7.4_v6.7.5.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Package Rights                create_acct_sync_pkg.sql      The package acct_sync in create_acct_sync_pkg.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Package Rights                create_amt_mv_pkb.sql         The package amt_mv in create_amt_mv_pkb.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Package Rights                create_portal_sync_pkg.sql    The package portal_sync in create_portal_sync_pkg.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.
High      Privilege Management: Default Package Rights                fix_data_dictionary.sql       The package pin_fix_dd in fix_data_dictionary.sql does not define an AUTHID clause and therefore defaults to AUTHID DEFINER.

Cause
