After the release of our threat report about a critical vulnerability on “Unauthorized Business Data Exfiltration Vulnerability”, we are continuing our series of blogpost about Oracle E-Business Suite security. To keep our readers informed about security risks and mitigation techniques to Oracle’s biggest ERP, E-Business Suite (EBS), we will continue to publish blogs on a monthly basis.
As our readers know, we continuously share details to raise awareness and enable organizations to further secure their SAP infrastructure. In this specific blog, we will focus on one of the well-known SAP default users: TMSADM. What the security implications are of having it enabled with default passwords, and how to properly protect it? As you can imagine, it is not as simple as it sounds, so that’s why we created this blogpost for you.
It’s the second Tuesday of the month, meaning another round of monthly SAP notes have been released. Below is our monthly analysis regarding the SAP vulnerabilities fixed, to help you keep your ERP environment safe and protected. For another month, there are no new notes tagged as Hot News, now making a four month streak in which notes of this severity are absent. There is still a need for action however, since three notes were reported as having High priority.
As a security vendor and Research Labs with the goal of protecting our customer’s business-critical applications we also have the continuous balance of proactively informing the community about emerging threats affecting their critical applications. A big part of this is our continuous work with vendors to help them secure vulnerabilities in their software. Today, for the third time, the July 2017 Oracle Critical Patch Update breaks a record on number of patched bugs with 308 vulnerabilities solved.