Case Project 3-1: Determining Vulnerabilities for a Database Server

You have interviewed Ms. Erin Roye, an IT staff member, after conducting your initial security testing of the Alexander Rocco Corporation. She informs you that the company is running Oracle 10g for its personnel database. You decide to research whether Oracle 10g has any known vulnerabilities that you can include in your report to Ms. Roye. You don’t know whether Ms. Roye has installed any patches or software fixes; you simply want to create a report with general information. Based on this information, write a memo to Ms. Roye describing any CVEs (common vulnerabilities and exposures) or CAN (candidate) documents you found related to Oracle 10g. (Hint: A search at US-CERT, www.us-cert.gov, can save you a lot of time.) If you do find vulnerabilities, your memo should include recommendations and be written in a way that doesn’t generate fear or uncertainty but encourages prudent decision making.
Here's your answer:
Hello Erin,
I hope you are doing well. After conducting the security analysis on the Oracle 10g database that Alexander Rocco Corporation is currently using, I found there are many security vulnerabilities not addressed at all. I would like to bring this to your notice. There are a total of 24 detected security vulnerabilities in Oracle 10g. Some security threats have not been disclosed publicly and some vulnerabilities have been disclosed. Among the 24 security threats, I would like to discuss a few important threats that Alexander might face based on the current scenarios.
It is the need of the hour that these security vulnerabilities be addressed at the earliest at Alexander to protect users' and the company’s confidential data by upgrading to the latest code base.
Thank you