SmartPayVulnerabilities-ActionTaken


SmartPay Server Vulnerabilities

Type | Ref. | Vulnerability | Action Taken | Resolved
Critical | 2.2.1 | Oracle Java SE Multiple Vulnerabilities (July 2016 CPU) (Unix) - 0/tcp - general | Java version updated | Yes

High | 2.3.1 | RHEL 7 : kernel (RHSA-2019:1481) (SACK Panic) (SACK Slowness) - 0/tcp - general | Apply security patches on server - Red Hat 7.6 | Yes

High | 2.3.2 | RHEL 7 : bind (RHSA-2019:1294) - 0/tcp - general | Apply security patches on server - Red Hat 7.6 | Yes
High | 2.3.3 | RHEL 7 : libssh2 (RHSA-2019:0679) - 0/tcp - general | Apply security patches on server - Red Hat 7.6 | Yes
High | 2.3.4 | RHEL 7 : kernel (RHSA-2019:0512) - 0/tcp - general | Apply security patches on server - Red Hat 7.6 | Yes
High | 2.3.5 | RHEL 7 : perl (RHSA-2019:0109) - 0/tcp - general | Apply security patches on server - Red Hat 7.6 | Yes
High | 2.3.6 | RHEL 7 : systemd (RHSA-2019:0049) - 0/tcp - general | Apply security patches on server - Red Hat 7.6 | Yes
High | 2.3.7 | RHEL 7 : NetworkManager (RHSA-2018:3665) - 0/tcp - general | Apply security patches on server - Red Hat 7.6 | Yes
High | 2.3.8 | RHEL 7 : kernel (RHSA-2018:3651) - 0/tcp - general | Apply security patches on server - Red Hat 7.6 | Yes
High | 2.3.9 | Oracle Java SE 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1 Multiple Vulnerabilities (Apr 2019 CPU) (Unix) - 0/tcp - general | Java version updated | Yes
High | 2.3.10 | Oracle Java SE Multiple Vulnerabilities (April 2018 CPU) (Unix) - 0/tcp - general | Java version updated | Yes
High | 2.3.11 | Oracle Java SE Multiple Vulnerabilities (January 2018 CPU) (Unix) - 0/tcp - general | Java version updated | Yes
High | 2.3.12 | Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix) - 0/tcp - general | Java version updated | Yes
High | 2.3.13 | Oracle Java SE Multiple Vulnerabilities (July 2017 CPU) (Unix) - 0/tcp - general | Java version updated | Yes
High | 2.3.14 | Oracle Java SE Multiple Vulnerabilities (April 2017 CPU) (Unix) - 0/tcp - general | Java version updated | Yes
High | 2.3.15 | Oracle Java SE Multiple Vulnerabilities (January 2017 CPU) (Unix) (SWEET32) - 0/tcp - general | Java version updated | Yes
High | 2.3.16 | Oracle Java SE Multiple Vulnerabilities (October 2016 CPU) (Unix) - 0/tcp - general | Java version updated | Yes
Medium | 2.4.1 | RHEL 7 : python (RHSA-2019:1587) - 0/tcp - general | Apply security patches on server - Red Hat 7.6 | Yes
Medium | - | SSL Certificate Cannot Be Trusted | T4s certificate is used on the application server and the boc.lk certificate is used on the web servers | Yes
Medium | - | SSL Self-Signed Certificate | T4s certificate is installed on the application servers and the boc.lk certificate is installed on the web servers | Yes
Medium | - | Oracle Java SE Multiple Vulnerabilities (July 2018 CPU) (Unix) | Java version updated | Yes
Medium | - | Oracle Java SE Multiple Vulnerabilities (October 2018 CPU) (Unix) | Java version updated | Yes
Medium | - | Oracle Java SE 1.7.x < 1.7.0_211 / 1.8.x < 1.8.0_201 / 1.11.x < 1.11.0_2 Multiple Vulnerabilities (January 2019 CPU) (Unix) | Java version updated | Yes
Medium | - | RHEL 7 : kernel (RHSA-2019:0163) | Apply security patches on server - Red Hat 7.6 | Yes
Medium | - | RHEL 7 : bind (RHSA-2019:0194) | Apply security patches on server - Red Hat 7.6 | Yes
Medium | - | RHEL 7 : polkit (RHSA-2019:0230) | Apply security patches on server - Red Hat 7.6 | Yes
Medium | - | RHEL 7 : systemd (RHSA-2019:0368) | Apply security patches on server - Red Hat 7.6 | Yes
Medium | - | RHEL 7 : python (RHSA-2019:0710) | Apply security patches on server - Red Hat 7.6 | Yes
Medium | - | RHEL 7 : kernel (RHSA-2019:0818) | Apply security patches on server - Red Hat 7.6 | Yes
Medium | - | RHEL 7 : kernel (RHSA-2019:1168) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Apply security patches on server - Red Hat 7.6 | Yes
Medium | - | RHEL 7 : python (RHSA-2019:1587) | Apply security patches on server - Red Hat 7.6 | Yes
Low | - | Network daemons not managed by the package system | - | No
Low | - | SSH Server CBC Mode Ciphers Enabled | - | No
Low | - | SSL/TLS Diffie-Hellman Modulus | - | No
Low | - | RHEL 7 : systemd (RHSA-2019:0201) | Apply security patches on server - Red Hat 7.6 | Yes
Low | - | RHEL 7 : openssl (RHSA-2019:0483) | Apply security patches on server - Red Hat 7.6 | Yes

Android App Vulnerabilities

Type | Vulnerability | Action Taken | Resolved
Low | Application Data can be Backed Up | Resolved by vendor | Yes
Low | Use of Packages With Cryptographically Weak Hashing Algorithm | - | No
Low | App uses an SQLite database and executes raw SQL queries | - | No
High | SSL Pinning is not Implemented - Sensitive Data is in Transit | Resolved by vendor | Yes
High | Root Detection is not Implemented | Resolved by vendor | Yes
Medium | Apache configured to run as proxy | - | No
Medium | Apache Proxy CONNECT method enabled | - | No
Medium | TLS 1.0 Enabled | - | No
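Three of the server-side findings above are still marked unresolved: SSH CBC-mode ciphers, Apache running as a forward proxy with the CONNECT method, and TLS 1.0. All three are settings in two files on a RHEL 7 host, /etc/ssh/sshd_config and the httpd/mod_ssl configuration, so they can be re-checked from the file rather than by re-running the scanner. The POSIX shell script below is an added example, not part of the original report or of the assessed systems: it audits a sshd_config and an httpd.conf for the three settings and shows the weak form beside the corrected form. The file names and the sample configuration contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original report: audit config files for the
# three unresolved server findings (SSH CBC ciphers, Apache forward proxy /
# CONNECT, TLS 1.0). The sample configs are constructed below; they are not
# the assessed servers' files.

# Print, one per line, the CBC ciphers enabled by the first uncommented
# "Ciphers" line of the sshd_config in $1 (sshd honours the first occurrence
# of a keyword). Exit status 0 when at least one CBC cipher is enabled,
# 1 otherwise. A missing Ciphers line prints nothing: the build's default
# set then applies and must be read on the host with "sshd -T | grep ciphers".
ssh_cbc_ciphers() {
    awk 'tolower($1) == "ciphers" { print $2; exit }' "$1" \
        | tr ',' '\n' | grep -i 'cbc$'
}

# Print the httpd directives that turn the server into an open forward proxy
# or let it relay CONNECT: "ProxyRequests On" and a loaded proxy_connect_module.
# Comment lines are ignored. Exit status 0 when any are present, 1 otherwise.
apache_proxy_findings() {
    grep -iE '^[[:space:]]*(ProxyRequests[[:space:]]+On|LoadModule[[:space:]]+proxy_connect_module)' "$1"
}

# Exit status 0 when the first SSLProtocol line in $1 still permits TLS 1.0:
# the value is "all" (or lists TLSv1) without an explicit "-TLSv1". No
# SSLProtocol line at all means mod_ssl's default of "all" applies.
apache_tls10_allowed() {
    proto=$(awk 'tolower($1) == "sslprotocol" { $1 = ""; print; exit }' "$1")
    [ -z "$proto" ] && return 0
    case " $proto " in
        *" -TLSv1 "*) return 1 ;;
        *" all "* | *" +TLSv1 "* | *" TLSv1 "*) return 0 ;;
    esac
    return 1
}

# Constructed sample inputs: the weak settings as a scanner would flag them,
# and the corrected settings beside them.
TMPDIR_AUDIT=$(mktemp -d)
WEAK_SSHD="$TMPDIR_AUDIT/sshd_config.weak"
FIXED_SSHD="$TMPDIR_AUDIT/sshd_config.fixed"
WEAK_HTTPD="$TMPDIR_AUDIT/httpd.conf.weak"
FIXED_HTTPD="$TMPDIR_AUDIT/httpd.conf.fixed"

cat > "$WEAK_SSHD" <<'EOF'
# Ciphers aes256-ctr   (commented out, so sshd ignores it)
Ciphers aes128-cbc,3des-cbc,aes256-ctr
EOF
cat > "$FIXED_SSHD" <<'EOF'
Ciphers aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
EOF
cat > "$WEAK_HTTPD" <<'EOF'
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
ProxyRequests On
SSLProtocol all -SSLv3
EOF
cat > "$FIXED_HTTPD" <<'EOF'
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
ProxyRequests Off
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
EOF

for f in "$WEAK_SSHD" "$FIXED_SSHD"; do
    echo "== $f"
    ssh_cbc_ciphers "$f" || echo "no CBC ciphers enabled"
done
for f in "$WEAK_HTTPD" "$FIXED_HTTPD"; do
    echo "== $f"
    apache_proxy_findings "$f" || echo "no forward-proxy / CONNECT directives"
    apache_tls10_allowed "$f" && echo "TLS 1.0 still allowed" || echo "TLS 1.0 disabled"
done
```

The file check is only half of the verification: after editing, confirm the running service with `sshd -T | grep -i ciphers` on the host and, for the web tier, an external `openssl s_client -connect host:443 -tls1`, which must fail to negotiate once TLS 1.0 is removed. Note that the checks read the first matching directive in a single file; an httpd layout with per-VirtualHost SSLProtocol lines or Include files needs each included file checked in turn.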

Compliance with mobile application security guidelines of CBSL

Section | Techcert comment | BOC/EPIC comments
3.0 Policy formulation | BOC has not provided a policy document governing all payment related mobile applications. | Policy document will be provided.
4.0 Documentation | BOC has not provided a policy document governing all payment related mobile applications. | Policy document will be provided.
5.0 Device Registration | UUID is registered. | -
6.0 Authentication and Password Policy | Multi-factor authentication has not been implemented with IMEI, SIM serial number, username/password and PIN. | -
7.0 Entering and Storing Data | Data shall be validated and sanitized before being recorded in the databases; payment related mobile application databases shall be hardened on both the server side and the client side. | Done
8.0 Transport Layer Protection | SSL pinning is not implemented with proper exception handling. | Done
9.0 Tampering Detection | No checksum check is available for the application; the application was allowed to execute on rooted devices; emulator detection was not implemented; the mobile application was allowed to run inside a debugger/emulator. | Done
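Two of the Android findings are declared in the app's manifest rather than in code: "Application Data can be Backed Up" is the android:allowBackup attribute (which defaults to true when absent), and the row 9.0 note that the app could run inside a debugger corresponds to android:debuggable. The manifest also names the Network Security Config file, which is where a declarative certificate pin-set would be placed if pinning was done that way. The shell script below is an added example, not part of the original report or of the vendor's fix: it reads a decoded AndroidManifest.xml and reports those three attributes for a weak and a corrected manifest. The two manifests and the package name com.example.smartpay are constructed for the demonstration. The manifest inside a real APK is binary XML and must be decoded first, for example with `apktool d app.apk` or `aapt dump xmltree app.apk AndroidManifest.xml`.

```shell
#!/bin/sh
# Added example, not from the original report: audit a decoded
# AndroidManifest.xml for android:allowBackup, android:debuggable and the
# presence of android:networkSecurityConfig on <application>. Both manifests
# below are constructed samples with a made-up package name.

# Print the <application ...> opening tag of $1 on one line, whether the tag
# spans one line or several in the file.
application_tag() {
    awk '/<application/ { in_tag = 1 }
         in_tag { printf "%s ", $0 }
         in_tag && />/ { exit }' "$1"
}

# Print true/false for the boolean attribute android:$2 on <application>,
# falling back to $3 (the platform default) when the attribute is absent.
application_flag() {
    case "$(application_tag "$1")" in
        *"android:$2=\"true\""*)  echo true ;;
        *"android:$2=\"false\""*) echo false ;;
        *) echo "$3" ;;
    esac
}

# Exit 0 when <application> declares android:networkSecurityConfig. The
# referenced res/xml file must then be read to confirm it carries a <pin-set>;
# the attribute alone does not prove pinning.
has_network_security_config() {
    case "$(application_tag "$1")" in
        *"android:networkSecurityConfig="*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report the three checks for manifest $1 as name=value lines. allowBackup
# defaults to true and debuggable to false when the attribute is missing.
audit_manifest() {
    echo "allowBackup=$(application_flag "$1" allowBackup true)"
    echo "debuggable=$(application_flag "$1" debuggable false)"
    if has_network_security_config "$1"; then
        echo "networkSecurityConfig=declared"
    else
        echo "networkSecurityConfig=absent"
    fi
}

# Constructed samples: a manifest as the scanner would have flagged it
# (allowBackup not set, debuggable on) and the corrected one.
DIR=$(mktemp -d)
WEAK_MANIFEST="$DIR/weak.xml"
FIXED_MANIFEST="$DIR/fixed.xml"
cat > "$WEAK_MANIFEST" <<'EOF'
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.smartpay">
    <application android:label="@string/app_name" android:debuggable="true">
        <activity android:name=".MainActivity" android:exported="true" />
    </application>
</manifest>
EOF
cat > "$FIXED_MANIFEST" <<'EOF'
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.smartpay">
    <application
        android:label="@string/app_name"
        android:allowBackup="false"
        android:debuggable="false"
        android:networkSecurityConfig="@xml/network_security_config">
        <activity android:name=".MainActivity" android:exported="true" />
    </application>
</manifest>
EOF

for m in "$WEAK_MANIFEST" "$FIXED_MANIFEST"; do
    echo "== $m"
    audit_manifest "$m"
done
```

A release build normally has debuggable off even when the attribute is absent, so the weak sample sets it explicitly; the allowBackup case is the one that catches teams out, because the finding is present precisely when nothing is written. Root, emulator and checksum detection from row 9.0 live in application code, not the manifest, and need a code review or a runtime test on a rooted device to confirm.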

Updated: Nov 01, 2022
SmartPayVulnerabilities-ActionTaken. (2019, Dec 04). Retrieved from https://studymoose.com/smartpayvulnerabilities-actiontaken-example-essay

SmartPayVulnerabilities-ActionTaken essay
Live chat  with support 24/7

👋 Hi! I’m your smart assistant Amy!

Don’t know where to start? Type your requirements and I’ll connect you to an academic expert within 3 minutes.

get help with your assignment