My Oracle Support Banner

Spring framework version vulnerability in FCC Studio (Doc ID 2741684.1)

Last updated on JANUARY 11, 2021

Applies to:

Oracle Financial Services Crime and Compliance Management Studio - Version 8.0.8 and later
Information in this document applies to any platform.

Symptoms

User encountered Spring Framework version Vulnerability for the FCC Studio application spring jar.

Steps to reproduce :

Step 1 : Perform security vulnerability test 

Step 2 : Check for security issues

Expected result :

Security test must be passed without any issues

Actual result :

Encountered security vulnerability issues

Issue Encountered :

system had captured the Spring Framework version Vulnerability for the FCC Studio application spring jar.

Below are the list of the Spring Vulnerabilities and recommendations.

1. Path : /app/fccstudio/OFS_FCCM_STUDIO/datastudio/server/lib/spring-core-5.1.7.RELEASE.jar
Installed version : 5.1.7.RELEASE
Fixed version : 5.1.13

2. Path : /app/fccstudio/OFS_FCCM_STUDIO/interpreters/interpreter/fcc-livy/spring-core-4.3.0.RELEASE.jar
Installed version : 4.3.0.RELEASE
Fixed version : 4.3.16

Changes

 NA

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.