You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

What verification is performed on images enclosed in invoices submitted to Automated Invoice Process

edited Sep 17, 2020 4:41AM in Payables, Payments & Cash Management 1 comment

Summary

Is there any verification as to the integrity of images processed by the Automated Invoice Processing Cloud Service WebCentre Form to prevent the insertion of malicious code into the cloud system?

Content

An architecture review has identified a potential issue, where malicious code could be embedded in an which in turn could be embedded into a pdf and submitted to B73947 (Oracle Fusion Automated Invoice Processing Cloud Service) or B73948 (Oracle Fusion WebCentre Forms Recognition Cloud Service). In the situation where a third-party image contained malware targeting a known vulnerability in the image processing library, such an image would be uploaded without verification. This increased the risk of denial of service in Integrated Invoice Imaging as well as the risk of remote code execution in the Oracle Cloud.

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!