
Vulnerabilities Reported in Out-of-box BRM Code (Doc ID 2700694.1)

Last updated on FEBRUARY 15, 2024

Applies to:

Oracle Communications Billing and Revenue Management - Version 7.5.0.22.0 and later
Information in this document applies to any platform.

Symptoms

Vulnerabilities are reported in out-of-box Billing and Revenue Management (BRM) code when the Fortify static source analyzer is run on the BRM code.

The following are reported:

1. Memory leak issues reported in C files (fm_cust_pol_encrypt_passwd.c)

2. NULL de-reference issues

    2.1 Sample_who.c line #275 

    2.2 PinFlist.h:1737 at PIN_FLIST_DESTROY_EX(&m_flistp, 0)

    2.3 PinFlist.h:1754 - PIN_FLIST_DESTROY(m_flistp, 0)

    2.4 PinFlist.h:1778 - PIN_FLIST_DESTROY(m_flistp, 0)

    2.5 PinFlist.h:1764 - PIN_FLIST_DESTROY(m_flistp, 0)

    2.6 PinPoid.h:373 - PIN_POID_DESTROY(m_poidp, 0)

    2.7 PinPoid.h:348 - PIN_POID_DESTROY(m_poidp, 0)

    2.8 PinPoid.h:362 - PIN_POID_DESTROY(m_poidp, 0)

    2.9 PinPoid.h:338 - PIN_POID_DESTROY(m_poidp, 0)

    2.10 fm_cust_pol_get_db_no.c:1131 - db_no_p

    2.11 fm_cust_pol_get_db_no.c:1120 - db_no_p 

    2.12 fm_cust_pol_get_db_no.c:1037 - db_no_p 

    2.13 fm_cust_pol_valid_passwd.c:322

3. Password: hard-coded password in sample_search.c:302

4. Type Mismatch: Signed to Unsigned in PinSimplePtrTypeWrapper.h

Cause
