What verification is performed on images enclosed in invoices submitted to Automated Invoice Process
Summary
Is there any verification as to the integrity of images processed by the Automated Invoice Processing Cloud Service WebCentre Form to prevent the insertion of malicious code into the cloud system?Content
An architecture review has identified a potential issue, where malicious code could be embedded in an which in turn could be embedded into a pdf and submitted to B73947 (Oracle Fusion Automated Invoice Processing Cloud Service) or B73948 (Oracle Fusion WebCentre Forms Recognition Cloud Service). In the situation where a third-party image contained malware targeting a known vulnerability in the image processing library, such an image would be uploaded without verification. This increased the risk of denial of service in Integrated Invoice Imaging as well as the risk of remote code execution in the Oracle Cloud.
Tagged:
1