Forum Stats

  • 3,838,656 Users
  • 2,262,390 Discussions


Checking vulnerabilities for Oracle Data Integrator version

I understand October 2020 Oracle patches included security updates for Oracle Data Integrator (ODI) version

The application admin who is managing ODI for us is really new and used to be with Windows desktop support. He is willing to help but needs guidance on what to look for.

  1. How can we determine if the Oracle Data Integrator version we are running is vulnerable to CVE 2020-5398 or not? The application admin ran a Qualys scan and it did not detect vulnerability for CVE 2020-5398 but an auditor is going to be visiting us soon so we need another confirmation that we are not impacted for CVE 2020-5398. The application admin asked people he knew and did not hear that anyone was using Spring framework whose vulnerability is fixed in CVE 2020-5398 and did not hear anything but since he is new, he is not sure if CVE 2020-5398 affects us or not.
  2. Is there any tool/script by Oracle by which we can definitively know what vulnerabilities affect us for ODI?