Need to know the status of VAPT findings as per report published on 25th Apr'23
Summary:
Regarding the "PENETRATION TEST EXECUTIVE SUMMARY REPORT WEB APPLICATION | ORACLE FUSION 22A" VAPT report, there were 2 open findings, pasted below:
3. Vulnerable JavaScript Dependency (Vendor Rating – Medium | CVSS – 6.1)
Mitigation: This finding is being tracked by ticket 35083980 and is scheduled to be resolved in the 23C release.
4. User Enumeration in Oracle Social Network (Vendor Rating – Low | CVSS – 4.3)
Mitigation: This finding was tracked by ticket 31711679 and deemed an operational requirement.
We need to know the status of the same. Our Auditor needs an update on these findings. Attaching the VAPT report for reference.
Content (required): VAPT
Version (include the version you are using, if applicable): 23C