PeopleSoft JOLTandBLEED

As a matter of urgency, Oracle has released 5 patches addressing severe vulnerabilities identified by the ERPScan team. The most critical of them have the highest CVSS base score of 9.9 and even 10.0 and may be exploited over a network without the need for a valid username and password. The issues affect the Jolt

SAP Cyber Threat Intelligence report – November 2017

The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind SAP Cyber Threat Intelligence report is to provide an insight into the latest security threats and vulnerabilities. Key takeaways This set of SAP Security Notes consists of 32 patches with the majority of

EAS-SEC. Oracle PeopleSoft Security Configuration. Part 8: Access control and SoD conflicts

PeopleSoft has multiple functional opportunities, which are implemented through programs, transactions, and reports. Access to these objects should be strictly regulated by defining user profiles, roles and permission lists, as access to critical actions (e.g. access to modify data or to read any tables) enables users to attack PeopleSoft systems in order to

GDPR for SAP: How to monitor personal data access?

This is the final article of “GDPR for SAP” series devoted to implementation of GDPR requirements in SAP environments. Today we’ll review a number of ways provided by SAP to monitor access to personal data in SAP systems. Why is it important? SAP systems are constantly changing: people come and go; authorization concept becomes obsolete

SAP HANA for Dummies

This article is the beginning of a series of articles “SAP HANA for Dummies” devoted to the review of the main features and security issues of SAP HANA. We will consider the key aspects of the system itself, its security and also we will pay attention to vulnerabilities of its several modules. The main purpose

Analyzing Oracle Security – Oracle Critical Patch Update October 2017

Today Oracle has released its quarterly patch update for October 2017. It fixes a total of 252 vulnerabilities. The main highlights are as follows: Oracle closed 1119 issues in 2017 in total and the average number of security issues in 2017 is 22% more than in 2016. October’s CPU contains recording 155 vulnerabilities in Business-Critical

PeopleSoft Passwords Decryption

We continue to familiarize you with PeopleSoft security aspects and share the latest research directly from our lab, hot and tasty. The topic of today’s research is … Passwords! Right, it’s a never-ending topic. I will describe how to decrypt PeopleSoft application-specific passwords for fun and profit. Information provided in this article can cut both

SAP Cyber Threat Intelligence report – October 2017

The SAP threat landscape is always growing thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind SAP Cyber Threat Intelligence report is to provide an insight into the latest security threats and vulnerabilities. Key takeaways This set of SAP Security Notes consists of 30 patches with the majority of

ABAP Code Injection

We continue describing categories from the list that we discussed in our Introduction to Secure ABAP Development Guide and pursue “Injections”, a type of vulnerability that occurs when an application provides no or poor user input validation. An attacker can inject malicious data, thus performing unintended actions in a system. Such a vulnerability may result in the major

EAS-SEC. Oracle PeopleSoft Security Configuration. Part 7: Unencrypted connections

The PeopleSoft Internet Architecture (PIA) is a multi-component system with a lot of cross-component interactions and numerous types of interactions between users and external systems. Therefore, various ways exist to attack the interaction channel. In PIA that is shown below (see figure 1), the following connections are used: HTTP Jolt / Tuxedo RDBMS connections (SQL)