Clik here to view.
PeopleSoft Passwords Decryption
We continue to familiarize you with PeopleSoft security aspects and share the latest research directly from our lab, hot and tasty. The topic of today’s research is … Passwords! Right, it’s a...
View ArticleClik here to view.
Analyzing Oracle Security – Oracle Critical Patch Update October 2017
Today Oracle has released its quarterly patch update for October 2017. It fixes a total of 252 vulnerabilities. The main highlights are as follows: Oracle closed 1119 issues in 2017 in total and the...
View ArticleEAS-SEC. Oracle PeopleSoft Security Configuration. Part 8: Access control and...
PeopleSoft has multiple functional opportunities, which are implemented through programs, transactions, and reports. An access to these objects should be strictly regulated by defining user profiles,...
View ArticlePeopleSoft JOLTandBLEED Vulnerability
As a matter of urgency, Oracle has released 5 patches addressing severe vulnerabilities identified by the ERPScan team. The most critical of them have the highest CVSS base score of 9.9 and even 10.0...
View ArticleEAS-SEC. Oracle PeopleSoft security configuration. Part 9: Insecure trusted...
Various solutions may be used to create intersystem business processes. The trusted relationships or Single Sign-on (SSO) between PeopleSoft systems allow minimizing the authentication requirements. If...
View ArticleClik here to view.
EAS-SEC. Oracle PeopleSoft Security Configuration. Part 10: Logging of...
One of the most important aspects to ensure the PeopleSoft security is security event logging in place. In case of an incident (which is likely to happen since there are plenty of settings and it is...
View ArticleClik here to view.
JOLTandBLEED Details and PoC
On November 15, 2017, Oracle published urgent critical updates related to JOLTandBLEED vulnerability (CVE 2017-10269). Today we released its proof of concept. As you remember, this vulnerability...
View ArticleClik here to view.
Analyzing Oracle Security – Oracle Critical Patch Update January 2018
Today Oracle has released its quarterly patch update for January 2018. It fixes a total of 237 vulnerabilities. The main highlights are as follows: The current CPU contains 153 vulnerabilities in...
View Article[ERPSCAN-18-001] Information Disclosure in PeopleSoft Listening Connector
Application: Oracle PeopleSoft Versions Affected: Oracle PeopleTools 8.54 – 8.56 Vendor: Oracle Bugs: Information Disclosure Reported: 15.06.2017 Vendor response: 16.06.2017 Date of Public Advisory:...
View ArticleClik here to view.
Analyzing Oracle Security – Oracle Critical Patch Update for October 2018
Today Oracle has released its quarterly patch update for October 2018. It fixes 301 vulnerabilities. The main highlights are as follows: Oracle closed 1119 issues in 2018 in total that is the same as...
View Article