| Type | Vulnerability | Action Taken | Resolved |
|---|---|---|---|
| Critical | 2.2.1. Oracle Java SE Multiple Vulnerabilities (July 2016 CPU) (Unix) - 0/tcp - general | Java Version Updated | Yes |
| High | 2.3.1. RHEL 7 : kernel (RHSA-2019:1481) (SACK Panic) (SACK Slowness) - 0/tcp - general | Apply Security patches on Server - Redhat 7.6 | Yes |
| High | 2.3.2. RHEL 7 : bind (RHSA-2019:1294) - 0/tcp - general | Apply Security patches on Server - Redhat 7.6 | Yes |
| High | 2.3.3. RHEL 7 : libssh2 (RHSA-2019:0679) - 0/tcp - general | Apply Security patches on Server - Redhat 7.6 | Yes |
| High | RHEL 7 : kernel (RHSA-2019:0512) - 0/tcp - general | Apply Security patches on Server - Redhat 7.6 | Yes |
| High | 2.3.5. RHEL 7 : perl (RHSA-2019:0109) - 0/tcp - general | Apply Security patches on Server - Redhat 7.6 | Yes |
| High | 2.3.6. RHEL 7 : systemd (RHSA-2019:0049) - 0/tcp - general | Apply Security patches on Server - Redhat 7.6 | Yes |
| High | 2.3.7. RHEL 7 : NetworkManager (RHSA-2018:3665) - 0/tcp - general | Apply Security patches on Server - Redhat 7.6 | Yes |
| High | 2.3.8. RHEL 7 : kernel (RHSA-2018:3651) - 0/tcp - general | Apply Security patches on Server - Redhat 7.6 | Yes |
| High | 2.3.9. Oracle Java SE 1.7.0_221 / 1.8.0_211 / 1.11.0_3 / 1.12.0_1 Multiple Vulnerabilities (Apr 2019 CPU) (Unix) - 0/tcp - general | Java Version Updated | Yes |
| High | 2.3.10. Oracle Java SE Multiple Vulnerabilities (April 2018 CPU) (Unix) - 0/tcp - general | Java Version Updated | Yes |
| High | 2.3.11. Oracle Java SE Multiple Vulnerabilities (January 2018 CPU) (Unix) - 0/tcp - general | Java Version Updated | Yes |
| High | 2.3.12. Oracle Java SE Multiple Vulnerabilities (October 2017 CPU) (Unix) - 0/tcp - general | Java Version Updated | Yes |
| High | 2.3.13. Oracle Java SE Multiple Vulnerabilities (July 2017 CPU) (Unix) - 0/tcp - general | Java Version Updated | Yes |
| High | 2.3.14. Oracle Java SE Multiple Vulnerabilities (April 2017 CPU) (Unix) - 0/tcp - general | Java Version Updated | Yes |
| High | 2.3.15. Oracle Java SE Multiple Vulnerabilities (January 2017 CPU) (Unix) (SWEET32) - 0/tcp - general | Java Version Updated | Yes |
| High | 2.3.16. Oracle Java SE Multiple Vulnerabilities (October 2016 CPU) (Unix) - 0/tcp - general | Java Version Updated | Yes |
| Medium | 2.4.1. RHEL 7 : python (RHSA-2019:1587) - 0/tcp - general | Apply Security patches on Server - Redhat 7.6 | Yes |
| Medium | SSL Certificate Cannot Be Trusted | T4s certificate in application server and boc.lk certificate is used in web servers. | Yes |
| Medium | SSL Self-Signed Certificate | T4s certificate is installed in application servers and boc.lk certificate is installed in web servers. | Yes |
| Medium | Oracle Java SE Multiple Vulnerabilities (July 2018 CPU) (Unix) | Java version updated | Yes |
| Medium | Oracle Java SE Multiple Vulnerabilities (October 2018 CPU) (Unix) | Java version updated | Yes |
| Medium | Oracle Java SE 1.7.x < 1.7.0_211 / 1.8.x < 1.8.0_201 / 1.11.x < 1.11.0_2 Multiple Vulnerabilities (January 2019 CPU) (Unix) | Java version updated | Yes |
| Medium | RHEL 7 : kernel (RHSA-2019:0163) | Apply Security patches on Server - Redhat 7.6 | Yes |
| Medium | RHEL 7 : bind (RHSA-2019:0194) | Apply Security patches on Server - Redhat 7.6 | Yes |
| Medium | RHEL 7 : polkit (RHSA-2019:0230) | Apply Security patches on Server - Redhat 7.6 | Yes |
| Medium | RHEL 7 : systemd (RHSA-2019:0368) | Apply Security patches on Server - Redhat 7.6 | Yes |
| Medium | RHEL 7 : python (RHSA-2019:0710) | Apply Security patches on Server - Redhat 7.6 | Yes |
| Medium | RHEL 7 : kernel (RHSA-2019:0818) | Apply Security patches on Server - Redhat 7.6 | Yes |
| Medium | RHEL 7 : kernel (RHSA-2019:1168) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) | Apply Security patches on Server - Redhat 7.6 | Yes |
| Medium | RHEL 7 : python (RHSA-2019:1587) | Apply Security patches on Server - Redhat 7.6 | Yes |
| Low | Network daemons not managed by the package system | | No |
| Low | SSH Server CBC Mode Ciphers Enabled | | No |
| Low | SSL/TLS Diffie-Hellman Modulus | | No |
| Low | RHEL 7 : systemd (RHSA-2019:0201) | Apply Security patches on Server - Redhat 7.6 | Yes |
| Low | RHEL 7 : openssl (RHSA-2019:0483) | Apply Security patches on Server - Redhat 7.6 | Yes |

| Type | Vulnerability | Action | Resolved |
|---|---|---|---|
| Low | Application Data can be Backed Up | Resolved by Vendor | Yes |
| Low | Use of Packages With Cryptographically Weak Hashing Algorithm | | No |
| Low | App uses SQLite Database and execute raw SQL query | | No |
| High | SSL Pinning is not Implemented - Sensitive Data is in Transit | Resolved by Vendor | Yes |
| High | Root Detection is not implemented | Resolved by Vendor | Yes |
| Medium | Apache configured to run as proxy | | No |
| Medium | Apache Proxy CONNECT method enabled | | No |

Compliance with mobile application security guidelines of CBSL
3.0 Policy formulation: BOC has not provided a policy document governing all payment related mobile applications. Policy document will be provided.
4.0 Documentation: BOC has not provided a policy document governing all payment related mobile applications. Policy document will be provided.
5.0 Device Registration: UUID is registered.
6.0 Authentication and Password Policy: Multi factor authentication has not been implemented with IMEI, SIM serial number, username/password and
7.0 Entering and Storing data: Data shall be validated and sanitized; application databases shall be hardened
8.0 Transport layer Protection: SSL pinning is not implemented with proper exception handling. Done
9.0 Tampering Detection: No checksum check is available for the application, the application was allowed to execute on rooted devices, emulator detection was not implemented. Mobile application was allowed to run inside
SmartPayVulnerabilities-ActionTaken. (2019, Dec 04). Retrieved from https://studymoose.com/smartpayvulnerabilities-actiontaken-example-essay