Oracle E-Business Suite FNDFS Vulnerability
The Oracle Applications FNDFS program, used to retrieve report output from the Concurrent Manager server, can be used to remotely retrieve any file from the server without operating system or...
View ArticleOracle Critical Patch Update - October 2005 - E-Business Suite Impact
Oracle today released its fourth Critical Patch Update (October 2005). The patches contained in the Critical Patch Update will correct numerous security bugs in the Oracle Database, Oracle Application...
View ArticleClik here to view.
Hidden Security Threats in Oracle E-Business Suite
This is the first in a series of webinars by ERP Risk Advisors and Integrigy presenting on the hidden security threats found in the Oracle E-Business Suite. Internal auditors often focus on the...
View ArticleClik here to view.
Oracle E-Business Suite Account Password Decryption Threat Explored
Oracle E-Business Suite end-user account passwords may be decrypted and used to commit fraud or bypass application controls. This inherent security weakness in the application can be fixed in most...
View ArticleOpenSSL Heartbleed (CVE-2014-0160) and Oracle E-Business Suite Impact
Integrigy has completed an in-depth security analysis of the "Heartbleed" vulnerability in OpenSSL (CVE-2014-0160) and the impact on Oracle E-Business Suite 11i (11.5) and R12 (12.0, 12.1, and 12.2)...
View ArticleClik here to view.
OpenSSL Heartbleed (CVE-2014-0160) and Oracle E-Business Suite Impact
Oracle E-Business Suite environments may or may not be vulnerable to the “Heartbleed” OpenSSL vulnerability (CVE-2014-0160) depending on the deployment architecture. Oracle has released guidance in...
View ArticleClik here to view.
SSLv3 POODLE (CVE-2014-3566) Vulnerability and Oracle E-Business Suite Impact
Oracle E-Business Suite environments may be vulnerable to the recently disclosed “POODLE” SSLv3 vulnerability (CVE-2014-3566) depending on where SSL termination is performed for the application....
View ArticleClik here to view.
Oracle EBS SYS.DUAL PUBLIC Privileges Security Issue Analysis (CVE-2015-0393)
Oracle E-Business Suite environments may be vulnerable due to excessive privileges granted on the SYS.DUAL table to PUBLIC. This security issue has been resolved in the January 2015 Oracle Critical...
View ArticleUPDATED: Oracle EBS SYS.DUAL PUBLIC Privileges Security Issue Analysis...
Oracle E-Business Suite environments may be vulnerable due to excessive privileges granted on the SYS.DUAL table to PUBLIC. This security issue has been resolved in the January 2015 Oracle Critical...
View ArticleOracle E-Business Suite FNDFS Vulnerability
The Oracle Applications FNDFS program, used to retrieve report output from the Concurrent Manager server, can be used to remotely retrieve any file from the server without operating system or...
View ArticleOracle Critical Patch Update - October 2005 - E-Business Suite Impact
Oracle today released its fourth Critical Patch Update (October 2005). The patches contained in the Critical Patch Update will correct numerous security bugs in the Oracle Database, Oracle Application...
View ArticleClik here to view.
Hidden Security Threats in Oracle E-Business Suite
This is the first in a series of webinars by ERP Risk Advisors and Integrigy presenting on the hidden security threats found in the Oracle E-Business Suite. Internal auditors often focus on the...
View ArticleClik here to view.
Oracle E-Business Suite Account Password Decryption Threat Explored
Oracle E-Business Suite end-user account passwords may be decrypted and used to commit fraud or bypass application controls. This inherent security weakness in the application can be fixed in most...
View ArticleClik here to view.
OpenSSL Heartbleed (CVE-2014-0160) and Oracle E-Business Suite Impact
Oracle E-Business Suite environments may or may not be vulnerable to the “Heartbleed” OpenSSL vulnerability (CVE-2014-0160) depending on the deployment architecture. Oracle has released guidance in...
View ArticleOpenSSL Heartbleed (CVE-2014-0160) and Oracle E-Business Suite Impact
Integrigy has completed an in-depth security analysis of the "Heartbleed" vulnerability in OpenSSL (CVE-2014-0160) and the impact on Oracle E-Business Suite 11i (11.5) and R12 (12.0, 12.1, and 12.2)...
View ArticleClik here to view.
SSLv3 POODLE (CVE-2014-3566) Vulnerability and Oracle E-Business Suite Impact
Oracle E-Business Suite environments may be vulnerable to the recently disclosed “POODLE” SSLv3 vulnerability (CVE-2014-3566) depending on where SSL termination is performed for the application....
View ArticleClik here to view.
Oracle EBS SYS.DUAL PUBLIC Privileges Security Issue Analysis (CVE-2015-0393)
Oracle E-Business Suite environments may be vulnerable due to excessive privileges granted on the SYS.DUAL table to PUBLIC. This security issue has been resolved in the January 2015 Oracle Critical...
View ArticleUPDATED: Oracle EBS SYS.DUAL PUBLIC Privileges Security Issue Analysis...
Oracle E-Business Suite environments may be vulnerable due to excessive privileges granted on the SYS.DUAL table to PUBLIC. This security issue has been resolved in the January 2015 Oracle Critical...
View ArticleClik here to view.
Oracle Database TNS Poisoning Attacks (CVE-2012-1675)
In 2012, details of a vulnerability in the Oracle Database listener were published that allows an attacker to register with the database listener and to intercept and modify TNS network traffic between...
View ArticleOracle Discoverer Security Alert - High impact to SOX Compliance and...
For those clients using Oracle Discoverer, especially those using Discoverer with the Oracle E-Business Suite for financial reporting, the October 2016 Oracle Critical Patch Update (CPU) include a...
View Article
