Problem: Customer Derco (Lockheed Martin), an Apps 9 - UPD 16 customer, has applied patches of CVE-2021-44228 but noted afterwards how they still have vulnerabilities
Recreated in Core: no - issue is environment specific
Recreated in Customer Environment: yes - problem is specific to Derco - Lockheed Martin environments
Business Impact: ITAR customer now has security audit findings
Importance: Potential for trouble with auditors and security exposure will grow the longer these vulnerabilities exist
Case ID: G2319565 (LCS)
Request from R&D: WHAT CAN BE DONE REGARDING THE FOLLOWING VULNERABILITIES FOR APPS9 - UPD16 USERS WHICH HAVE ITAR REQUIREMENTS? A list of the customer’s internal audit findings follows:
“Our scan show the vulnerability on IFS application
I:\ifs\DEV9/mw_home/mws\inventory\featuresets\wls_server_12.2.1.4.0.xml found
HKLM\Software\Oracle\KEY_IFS_AS_20200408152712163 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200408165031939 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921135815719 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921143606590 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921154140753 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921160726637 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921165023160 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200921182027447 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20200925140639729 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20201111120722913 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20210420103856250 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20210603114724422 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20220125113410987 Key found
HKLM\Software\Oracle\KEY_IFS_AS_20220125120113399 Key found
Patch ID 33691226 not installed”
