April 2018 Oracle Critical Patch Update: Oracle Patches 254 Vulnerabilities, 176 Specific to Financials
As a security vendor and Research Labs with the goal of protecting our customer’s business-critical applications we also have the continuous balance of proactively informing the community about emerging threats affecting their critical applications. A big part of this is our continuous work with vendors to help them secure vulnerabilities in their software. Today, for the third time, the July 2017 Oracle Critical Patch Update breaks a record on number of patched bugs with 308 vulnerabilities solved.
This is the fourth consecutive blog post in our series on how to make Oracle E-Business Suite more secure. In this post, we will focus on reducing the attack surface - something that is a critical component for any successful information security strategy. The more you can reduce the components that are exposed to attackers (and to vulnerabilities), the more you can focus on keeping your exposed systems secure. In Oracle E-Business Suite, this feature is called Allowed JSPs and Allowed resources.
Last week, we begin a blogpost series with the objective of reviewing Oracle E-Business Suite Security. The first publication detailed how to activate the Server Security Feature, and in today’s post we will focus on password hashing. We will analyze the different types of hashing and how it is implemented in Oracle E-Business Suite.
Yesterday, Oracle released its quarterly security patches and what a record breaking CPU it was! With close to 300 published patches, this marks the highest number of patches released to date for any CPU. This further validates the trend we have seen in previous CPU’s which is to correct more vulnerabilities in Oracle products due to increased research submissions targeting different Oracle products.
In this month's post we will analyze the January 2017 Oracle Critical Patch Update (CPU) and how it relates to Oracle Business Critical Applications. This CPU is special because the number of vulnerabilities fixed sets a new record for the amount of vulnerabilities fixed in a single CPU for Business Critical Applications. At Onapsis, we believe there are two main factors that contribute to this record breaking number of vulnerabilities in a single CPU. These two factors are the Researchers and of course, Oracle itself.
Yesterday, Oracle released its quarterly Critical Patch Update (CPU) to provide customers with detailed information about the latest vulnerabilities affecting Oracle business critical applications. This post will help Oracle customers better understand and prioritize the implementation of patches and testing of vulnerabilities on these systems within their organization. In this CPU, Oracle published 253 patches which affect 76 different Oracle products. We will analyze the Critical Patch Update and then will focus on the Oracle E-Business Suite vulnerabilities.
Today we have released 12 new Oracle application advisories which affect two different products: Oracle E-Business Suite and JD Edwards. The advisories include various types of vulnerabilities such as Cross Site Scripting, Denial of Service, Password Disclosure and User Creation. After great success uncovering hundreds of vulnerabilities in SAP systems, our Research Labs are expanding our security advisories to now include Oracle products.