Problem: Customer Derco (Lockheed Martin), an Apps 9 - UPD 16 customer, has applied the patches for CVE-2021-44228 but found afterwards that their environment still has vulnerabilities
Recreated in Core: no - issue is environment specific
Recreated in Customer Environment: yes - problem is specific to Derco - Lockheed Martin environments
Business Impact: ITAR customer now has security audit findings
Importance: The potential for trouble with auditors, and the security exposure, will grow the longer these vulnerabilities exist
Case ID: G2319565 (LCS)
Request from R&D: WHAT CAN BE DONE REGARDING THE FOLLOWING VULNERABILITIES FOR APPS9 - UPD16 USERS WHICH HAVE ITAR REQUIREMENTS? A list of the customer’s internal audit findings follows:
“Our scan shows the vulnerability on the IFS application
I:\ifs\DEV9/mw_home/mws\inventory\featuresets\wls_server_12.2.1.4.0.xml found
HKLM\Software\Oracle\KEY_IFS_AS_20200408152712163 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200408165031939 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921135815719 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921143606590 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921154140753 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921160726637 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921165023160 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921182027447 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200925140639729 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20201111120722913 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20210420103856250 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20210603114724422 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20220125113410987 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20220125120113399 Key found
Patch ID 33691226 not installed”