Multiple significant security vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-4104) have been disclosed and patched in the popular Java logging library Apache Log4j. This library is installed in Oracle E-Business Suite (EBS) environments and these vulnerabilities may be exploitable in your environment depending on Oracle EBS version, Oracle EBS patches applied, and customizations or third-party products.
Thursday, January 28, 2021 - 2:00 pm to 3:00 pm EST
Oracle E-Business Suite Security for Auditors
Thursday, December 17, 2020 - 2:00 pm to 3:00 pm EST
Is Your Sensitive Data Playing Hide and Seek with You?
Thursday, December 12, 2019 - 2:00 pm EST
Two Oracle E-Business Suite security vulnerabilities (CVE-2019-2638, CVE-2019-2633) fixed in April 2019 Oracle Critical Patch Update (CPU) have been recently publicized. These vulnerabilities allow an attacker to execute arbitrary SQL statements in the Oracle E-Business Suite data that can result in complete compromise of the environment including fraudulent transactions, changing of bank accounts, and circumvention of application security controls.
Heading to COLLABORATE 19? For the 12th consecutive year, Integrigy will be presenting on Oracle E-Business security, Oracle Database security, and PeopleSoft security. If you will be attending, be sure to schedule in one or more of our presentations.
Oracle E-Business Suite Security
Top 10 Oracle E-Business Suite Security Risks Tuesday April 9 - 10:30 AM-11:30 AM - GH 4th FL Republic C
As with almost all previous Oracle E-Business Suite Critical Patch Updates (CPU), the July 2018 quarterly patch is significant and high-risk for PeopleSoft applications. Despite the publicity, marketing, or naming of specific vulnerabilities, this quarter is no different than previous quarters in terms of risk and prioritization within your organization.
For this quarter, there are 15 security vulnerabilities patches in PeopleSoft applications and PeopleTools --
Oracle has released an out-of-cycle security advisory (CVE-2017-10151) for a vulnerability affecting Oracle Identity Manager. This vulnerability has a CVSS 3.0 base score of 10 out of 10. Oracle Identity Manager is the identity governance component within the Oracle Identity Management solution. All supported versions of Identity Manager are impacted from 11.1.1.7 to 12.2.1.3.0. Most likely 11.1.1.1 through 11.1.1.6 are also vulnerable. Previous Identity Manager