The Manager's Guide to Securing the Oracle E-Business Suite
Upcoming Webinar: The Manager's Guide to Securing the Oracle E-Business Suite. Wednesday, June 20, 2:00pm - 3:00pm EDT. For those of you that...
Upcoming Webinar: Credit Cards and Oracle E-Business Suite - Security and PCI...
Upcoming Webinar: Credit Cards and Oracle E-Business Suite - Security and PCI Compliance Issues. Thursday, August 16, 2:00pm -...
Information Disclosure through Default Apache Scripts
As part of a default Apache installation, two default cgi-bin scripts, printenv and test-cgi, are installed. Oracle has included these scripts in the installation of 11i. This script provides...
Internet Connected Applications and Search Engines
Oracle E-Business Suite self-service applications are often connected to the Internet for direct access by customers, suppliers, and employees. Using search engines (Google, Altavista, etc.) and simple...
Oracle Reports Server APPS Password Disclosure
The Oracle Reports Server may disclose the current APPS password. Oracle Reports Server is installed as part of the default installation and is used by Oracle Business Intelligence (BIS) and related...
Oracle E-Business Suite FNDFS Vulnerability
The Oracle Applications FNDFS program, used to retrieve report output from the Concurrent Manager server, can be used to remotely retrieve any file from the server without operating system or...
Oracle E-Business Suite AOL/J Setup Test Information Disclosure
Integrigy Security Alert: Oracle E-Business Suite AOL/J Setup Test Information Disclosure. July 23,...
Oracle E-Business Suite FNDWRR Buffer Overflow
The Oracle Applications FNDWRR CGI program, used to retrieve report output from the Concurrent Manager server via a web browser, has a remotely exploitable buffer overflow. A mandatory patch from...
Oracle E-Business Suite - Multiple SQL Injection Vulnerabilities
Multiple SQL injection vulnerabilities exist in the Oracle E-Business Suite 11i and Oracle Applications 11.0. These vulnerabilities can be remotely exploited simply using a browser and sending a...
Oracle Applications 11i Encrypted Password Disclosure
An undisclosed security vulnerability exists in Oracle Applications 11i that may allow an unauthenticated, internal attacker to obtain Oracle Applications' user account encrypted password strings,...
Oracle Critical Patch Update - October 2005 - E-Business Suite Impact
Oracle today released its fourth Critical Patch Update (October 2005). The patches contained in the Critical Patch Update will correct numerous security bugs in the Oracle Database, Oracle Application...
Oracle Critical Patch Update April 2011 Pre-Release Analysis
Here is a brief analysis of the pre-release announcement for the upcoming April 2011 Oracle Critical Patch Update (CPU) - Overall, 47 Oracle security vulnerabilities (non-Solaris bugs) are fixed in...
Upcoming Webinar: Improve Security in Your Oracle R12 Upgrade
Improve Security in Your Oracle R12 Upgrade. Thursday, May 12, 2010 2:00 PM - 3:00 PM EDT. The upgrade from Oracle E-Business Suite (EBS) 11i to R12 is a unique opportunity to improve the security of your...
OpenSSL Heartbleed (CVE-2014-0160) and Oracle E-Business Suite Impact
Integrigy has completed an in-depth security analysis of the "Heartbleed" vulnerability in OpenSSL (CVE-2014-0160) and the impact on Oracle E-Business Suite 11i (11.5) and R12 (12.0, 12.1, and 12.2)...
OBIEE Authentication Using the Oracle E-Business Suite
There are two primary options for sharing authentication solutions with the Oracle E-Business Suite. The Oracle E-Business Suite and OBIEE both can take advantage of Oracle’s Single Sign-On (SSO)...
Securing Oracle E-Business Suite Privileged Accounts: APPS, SYSADMIN, oracle
In an Oracle E-Business Suite environment, there are a number of generic, privileged accounts at the database, application, and operating system layers.  Often, there is little control or active...
Oracle E-Business Suite Security - Signed JAR Files - What Should You Do
Until recently the Oracle E-Business Suite allowed self-designed certificates to assure the validity of Java code run within end-users’ browsers. This meant that the Java JAR files downloaded from the...
Oracle E-Business Suite Denial of Service Attacks and Locking the APPS Password
My wake-up call one day last week came from an acquaintance. Somebody at his company typed the APPS password in wrong too many times and locked the APPS database account. This caused the Oracle...
Splunk DB Connect Tail for Oracle E-Business Sign-on Audit
Integrigy has received a lot of great feedback about our Framework for logging and auditing the Oracle E-Business Suite.  The Framework is posted here. The Framework is a direct result of our...
Oracle E-Business Suite Security, Java 7 and Auto-Update
Maintaining a secure Oracle E-Business Suite implementation requires constant vigilance. For the desktop clients accessing Oracle E-Business Suite, Integrigy recommends running the latest version of...