Analyzing Oracle Security – Oracle Critical Patch Update for October 2018

Today Oracle has released its quarterly patch update for October 2018. It fixes 301 vulnerabilities. The main highlights are as follows: Oracle closed 1119 issues in 2018 in total that is the same as in 2017. CPU for October 2018 contains 162 vulnerabi… Continue reading Analyzing Oracle Security – Oracle Critical Patch Update for October 2018

EAS-SEC. Oracle PeopleSoft Security Configuration. Part 10: Logging of Security Events

One of the most important aspects to ensure the PeopleSoft security is security event logging in place. In case of an incident (which is likely to happen since there are plenty of settings and it is difficult to control all of them), only the security … Continue reading EAS-SEC. Oracle PeopleSoft Security Configuration. Part 10: Logging of Security Events

EAS-SEC. Oracle PeopleSoft security configuration. Part 9: Insecure trusted connections

Various solutions may be used to create intersystem business processes. The trusted relationships or Single Sign-on (SSO) between PeopleSoft systems allow minimizing the authentication requirements. If the calling PeopleSoft system (Node) accepts the c… Continue reading EAS-SEC. Oracle PeopleSoft security configuration. Part 9: Insecure trusted connections

PeopleSoft JOLTandBLEED

As a matter of urgency, Oracle has released 5 patches addressing severe vulnerabilities identified by the ERPScan team. The most critical of them have the highest CVSS base score of 9.9 and even 10.0 and may be exploited over a network without the need for a valid username and password. The issues affect the Jolt […]

The post PeopleSoft JOLTandBLEED appeared first on ERPScan.

The post PeopleSoft JOLTandBLEED appeared first on Security Boulevard.

Continue reading PeopleSoft JOLTandBLEED

EAS-SEC. Oracle PeopleSoft Security Configuration. Part 8: Access control and SoD conflicts

PeopleSoft has multiple functional opportunities, which are implemented through programs, transactions, and reports. An access to these objects should be strictly regulated by defining user profiles, roles and permission lists as the access to critical actions (e.g. access to modify data or to read any tables) enables users to attack PeopleSoft systems in order to […]

The post EAS-SEC. Oracle PeopleSoft Security Configuration. Part 8: Access control and SoD conflicts appeared first on ERPScan.

The post EAS-SEC. Oracle PeopleSoft Security Configuration. Part 8: Access control and SoD conflicts appeared first on Security Boulevard.

Continue reading EAS-SEC. Oracle PeopleSoft Security Configuration. Part 8: Access control and SoD conflicts

Analyzing Oracle Security – Oracle Critical Patch Update October 2017

Today Oracle has released its quarterly patch update for October 2017. It fixes a total of 252 vulnerabilities. The main highlights are as follows: Oracle closed 1119 issues in 2017 in total and the average number of security issues in 2017 is 22% more than in 2016. October’s CPU contains recording 155 vulnerabilities in Business-Critical […]

The post Analyzing Oracle Security – Oracle Critical Patch Update October 2017 appeared first on ERPScan.

The post Analyzing Oracle Security – Oracle Critical Patch Update October 2017 appeared first on Security Boulevard.

Continue reading Analyzing Oracle Security – Oracle Critical Patch Update October 2017