Vulnerabilities Reported in Out-of-box BRM Code
(Doc ID 2700694.1)
Last updated on OCTOBER 02, 2022
Applies to:
Oracle Communications Billing and Revenue Management - Version 7.5.0.22.0 and later
Information in this document applies to any platform.
Symptoms
Vulnerabilities are reported in out-of-box Billing and Revenue Management (BRM) code when a Fortify static source analyzer scan is run on the BRM code.
The following are reported:
1. Memory leak issues reported in C files (fm_cust_pol_encrypt_passwd.c)
2. NULL de-reference issues
2.1 Sample_who.c line #275
2.2 PinFlist.h:1737 at PIN_FLIST_DESTROY_EX(&m_flistp, 0)
2.3 PinFlist.h:1754 - PIN_FLIST_DESTROY(m_flistp, 0)
2.4 PinFlist.h:1778 - PIN_FLIST_DESTROY(m_flistp, 0)
2.5 PinFlist.h:1764 - PIN_FLIST_DESTROY(m_flistp, 0)
2.6 PinPoid.h:373 - PIN_POID_DESTROY(m_poidp, 0)
2.7 PinPoid.h:348 - PIN_POID_DESTROY(m_poidp, 0)
2.8 PinPoid.h:362 - PIN_POID_DESTROY(m_poidp, 0)
2.9 PinPoid.h:338 - PIN_POID_DESTROY(m_poidp, 0)
2.10 fm_cust_pol_get_db_no.c:1131 - db_no_p
2.11 fm_cust_pol_get_db_no.c:1120 - db_no_p
2.12 fm_cust_pol_get_db_no.c:1037 - db_no_p
2.13 fm_cust_pol_valid_passwd.c:322
3. Password: hard-coded password in sample_search.c:302
4. Type Mismatch: Signed to Unsigned in PinSimplePtrTypeWrapper.h
Cause