APPS Blogs

JRE 1.6.0_121 Certified with Oracle E-Business Suite 12.x

Steven Chan - Wed, 2016-07-20 02:05
The latest Java Runtime Environment 1.6.0_121 (a.k.a. JRE 6u121-b9) and later updates on the JRE 6 codeline are now certified with Oracle E-Business Suite Release 12.x for Windows-based desktop clients.

All JRE 6, 7, and 8 releases are certified with EBS upon release

Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops:

  • From JRE 1.6.0_03 and later updates on the JRE 6 codeline
  • From JRE 1.7.0_10 and later updates on the JRE 7 codeline 
  • From JRE 1.8.0_25 and later updates on the JRE 8 codeline

We test all new JRE releases in parallel with the JRE development process, so all new JRE releases are considered certified with the E-Business Suite on the same day that they're released by our Java team.

You do not need to wait for a certification announcement before applying new JRE 6, 7, or 8 releases to your EBS users' desktops.

Effects of new support dates on Java upgrades for EBS environments

Support dates for the E-Business Suite and Java have changed.  Please review the sections below for more details:

  • What does this mean for Oracle E-Business Suite users?
  • Will EBS users be forced to upgrade to JRE 7 for Windows desktop clients?
  • Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

New EBS installation scripts

This JRE release is the first with a 3-digit Java version. Installing this in your EBS 11i and 12.x environments will require new installation scripts.  See the documentation listed in the 'References' section for more detail.

32-bit and 64-bit versions certified

This certification includes both the 32-bit and 64-bit JRE versions for various Windows operating systems. See the respective Deploying JRE documentation for your EBS release for details.

Implications of Java 6 End of Public Updates for EBS Users

The Support Roadmap for Oracle Java is published here:

The latest updates to that page (as of Sept. 19, 2012) state:

Java SE 6 End of Public Updates Notice

After February 2013, Oracle will no longer post updates of Java SE 6 to its public download sites. Existing Java SE 6 downloads already posted as of February 2013 will remain accessible in the Java Archive on Oracle Technology Network. Developers and end-users are encouraged to update to more recent Java SE versions that remain available for public download. For enterprise customers, who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 6 or older versions, long term support is available through Oracle Java SE Support.

What does this mean for Oracle E-Business Suite users?

EBS users fall under the category of "enterprise users" above.  Java is an integral part of the Oracle E-Business Suite technology stack, so EBS users will continue to receive Java SE 6 updates from February 2013 to the end of Java SE 6 Extended Support in June 2017.

In other words, nothing changes for EBS users after February 2013. 

EBS users will continue to receive critical bug fixes and security fixes as well as general maintenance for Java SE 6 until the end of Java SE 6 Extended Support in June 2017. 

How can EBS customers obtain Java 6 updates after the public end-of-life?

Java 6 is now available only via My Oracle Support for E-Business Suite users.  You can find links to this release, including Release Notes, documentation, and the actual Java downloads here: Both JDK and JRE packages are contained in a single combined download after 6u45.  Download the "JDK" package for both the desktop client JRE and the server-side JDK package.

Coexistence of multiple JRE releases on Windows desktops

The upgrade to JRE 8 is recommended for EBS users, but some users may need to run older versions of JRE 6 or 7 on their Windows desktops for reasons unrelated to the E-Business Suite.

Most EBS configurations with IE and Firefox use non-static versioning by default. JRE 8 will be invoked instead of earlier JRE releases if both are installed on a Windows desktop. For more details, see "Appendix B: Static vs. Non-static Versioning and Set Up Options" in Notes 290807.1 and 393931.1.

What do Mac users need?

Mac users running Mac OS X 10.10 (Yosemite) can run JRE 7 or 8 plug-ins.  See:

Will EBS users be forced to upgrade to JDK 7 for EBS application tier servers?

JRE is used for desktop clients.  JDK is used for application tier servers.

JDK upgrades for E-Business Suite application tier servers are highly recommended but currently remain optional while Java 6 is covered by Extended Support. Updates will be delivered via My Oracle Support, where you can continue to receive critical bug fixes and security fixes as well as general maintenance for JDK 6 for application tier servers. 

Java SE 6 is covered by Extended Support until June 2017.  All EBS customers with application tier servers on Windows, Solaris, and Linux must upgrade to JDK 7 by June 2017. EBS customers running their application tier servers on other operating systems should check with their respective vendors for the support dates for those platforms.

JDK 7 is certified with E-Business Suite 12.  See:

References

Related Articles

Categories: APPS Blogs

Critical Patch Update for July 2016 Now Available

Steven Chan - Tue, 2016-07-19 14:45

The Critical Patch Update (CPU) for July 2016 was released on July 19, 2016. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

The Critical Patch Update Advisory is available at the following location:

It is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches.

The next four Critical Patch Update release dates are:

  • October 18, 2016
  • January 17, 2017
  • April 18, 2017
  • July 18, 2017

References

Related Articles

Categories: APPS Blogs

PeopleSoft Security User Authorization Audits

When performing a PeopleSoft security audit, reviewing the system and application security privileges (authorization) that individual users have been granted is one of the key deliverables. The following are several of the topics that Integrigy investigates during our PeopleSoft security configuration assessments - take a look today at your settings:

Review users with access to

  • PeopleTools
  • The SQR folder
  • Process scheduler
  • Security and other sensitive administration menus
  • Security and other sensitive administration roles
  • Web profiles
  • PeopleSoft Administrator Role
  • Correction mode

To check access to PeopleTools, use the following query. If you need assistance with the other topics, let us know.

-- Access to PeopleTools

SELECT UNIQUE A.OPRID, A.OPRDEFNDESC, A.ACCTLOCK, B.ROLENAME
FROM SYSADM.PSOPRDEFN A, SYSADM.PSROLEUSER B
WHERE A.OPRID = B.ROLEUSER
AND upper(B.ROLENAME) = 'PEOPLETOOLS'
ORDER BY A.OPRID, B.ROLENAME;

If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Auditing, Oracle PeopleSoft
Categories: APPS Blogs, Security Blogs

BPEL 12.2.1 Certified for Prebuilt EBS 12.2 SOA Integrations

Steven Chan - Thu, 2016-07-14 12:47

Service Oriented Architecture (SOA) integrations with Oracle E-Business Suite can either be custom integrations that you build yourself or prebuilt integrations from Oracle.  For more information about the differences between the two options for SOA integrations, see this previously-published certification announcement.

The prebuilt BPEL business processes in Oracle E-Business Suite Release 12.2 are:

  • Oracle Price Protection (DPP)
  • Advanced Supply Chain Planning (MSC)
  • Oracle Transportation Management: Oracle Warehouse Management (WMS)
  • Oracle Transportation Management: Oracle Shipping Execution (WSH)
  • Oracle Transportation Management: Oracle Purchasing (PO)
  • Complex Maintenance, Repair & Overhaul (CMRO/AHL)

BPEL integration architecture diagram example

These prebuilt BPEL processes have now been certified with Oracle BPEL Process Manager 12c version 12.2.1 (in Oracle Fusion Middleware SOA Suite 12c) for Oracle E-Business Suite Release 12.2.

References

Certified Platforms

Oracle SOA Suite Release 12c 12.2.1 is certified to run on any operating system upon which Oracle WebLogic Server 12c is certified. Check the following for more details:

For information on operating systems supported by Oracle SOA Suite, refer to this document:

Integration with Oracle SOA Suite involves components spanning several different suites of Oracle products. There are no restrictions on which platform any particular component may be installed so long as the platform is supported for that component.

Pending Certifications 

The certification for BPEL 12.2.1 with prebuilt EBS 12.1 SOA integrations is underway now. Oracle's Revenue Recognition rules prohibit us from discussing certification and release dates, but you're welcome to monitor or subscribe to this blog. I'll post updates here as soon as they're available.

Getting Support

If you need support for the prebuilt EBS BPEL business processes, you can log Service Requests against the Applications Technology Group product family.

Related Articles

Categories: APPS Blogs

Application Management Pack 13.1.1.1 for EM 13c Now Available

Steven Chan - Mon, 2016-07-11 15:24

Application Management Pack (AMP) 13.1.1.1 for Oracle E-Business Suite is now available.  This E-Business Suite plug-in for Oracle Enterprise Manager Cloud Control 13c can be used to manage Oracle E-Business Suite 11.5.10.2, 12.0, 12.1, and 12.2 environments.

What's new in this release?

  • Enterprise Manager 13c Compatibility
    EM 13c includes several enhancements, including a new Fusion Middleware technology stack, the Alta skin user interface, and Edition-Based Redefinition (EBR) support.

  • Hybrid Cloud Management
    Monitor and manage E-Business Suite environments on Oracle Cloud and on-premise. These capabilities are delivered through the Enterprise Manager command line interface (EMCLI) to manage, provision, migrate, back up, restore, clone, patch, and lift-and-shift E-Business Suite on Oracle Cloud.

  • System Management
    • Real User Experience Insight (RUEI)  regions integrated within E-Business Suite Summary Dashboard
    • Automated host aliasing

  • Change Management
    • Patch Recommendations: Deploy recommended E-Business Suite technology stack patches, including Database and WebLogic Server patches, using EM patch plans. 
    • Customization Management: View the inventory of customizations in an Oracle E-Business Suite environment. View or download a spreadsheet of discovered customizations by customization type. Customization Discovery & Reporting process now includes discovery of database objects. 
    • Cloning: Save cloning interview process as templates that can be used for future purposes for Smart Clone for R12, 12.2.x procedure, and add custom parameters to the cloning procedure. 

References

Downloads
The Oracle Application Management Suite for Oracle E-Business Suite can be downloaded and installed by using the Self Update feature of Oracle Enterprise Manager.

Related Articles

Categories: APPS Blogs

PeopleSoft Integration Broker (IB) Security

Securing the PeopleSoft Integration Broker (IB) ensures the security of messaging both within PeopleSoft applications and among third-party systems. The following are several of the key tasks that Integrigy performs during our PeopleSoft security configuration assessments - take a look today at your settings:

  • Ensure all inbound requests are required to use Secure Sockets Layer/Transport Layer Security (SSL/TLS).
  • Ensure that the default PSKEY password has been changed. The PSKEY keystore contains all root and node certificates used by the Integration Gateway and PIA. Using the default or a weak password is not best practice.
  • Ensure the IB node ANONYMOUS is appropriately privileged.  If IB connections do not specify a node name and credentials, IB will try to use the ANONYMOUS node and the “default user ID” tied to that node. This default user must not be a highly privileged user and should be granted the fewest privileges possible.
  • Review all other nodes for permissions appropriate for the business services supported by the node. Best practice is to use a unique UserID for each node that has permissions only to the required objects or related sets of operations.

The following attributes that govern IB activity are also reviewed:

Integration Broker Profile Values

| Field | Description | Recommendation |
|---|---|---|
| IB_PROFILESTATUS | IB Profile Status. If enabled, IB will show performance information. | For production or Internet facing set to off. |
| IB_ENABLELOG | Enables logging | For production or Internet facing set to off. |
| IB_LOGLEVEL | Log Level (if logging is enabled): 1 = Standard gateway exception errors. 2 = All errors and warnings (Default.) 3 = Errors, warnings and important information. 4 = Errors, warnings, important and standard information. 5 = Errors, warnings, important, standard and low importance information. | Default: 2 |
| IB_DEPTHLIMIT | Checks for recursion within messages (number of levels) to ensure that messages do not reference themselves. Value between 3 and 50. | Default: 20 |
| IB_MASTER_OVERRIDE | Determines if Master processing returns statistics in the Output Information section after a Post. | For production or Internet facing set to off. |
| IB_PRE_848 | Pre-848 Tools Release | Default is N |
| IB_MULTIACT_DOMAIN | By default, only one domain may be active in the Integration Broker system. However, PeopleSoft provides the option to enable the activation of multiple domains. | Off unless required. |
| IB_USEIPADDRESS | Determines if the application server URL for a synchronous slave template uses the application server IP address: e.g. URL format from <machine name>:<jolt port> to IP address | On |


If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Oracle PeopleSoft
Categories: APPS Blogs, Security Blogs

PeopleSoft Logging and Auditing

Logging and auditing are one of the pillars of PeopleSoft security.  Both application and database auditing are required. Logging and auditing support a trust-but-verify approach, which is often deemed necessary to secure the activities of privileged system and database administrators.

While both the application and database offer sophisticated auditing solutions, one key feature Integrigy always recommends is to ensure that EnableDBMonitoring is enabled within the psappsrv.cfg file. This is set by default, but we at times find it disabled.

When enabled, EnableDBMonitoring allows PeopleSoft application auditing to bridge or flow into database auditing. This is done by populating the Oracle Client_Info variable with the PeopleSoft User Id, IP address and program name. With Oracle RDBMS auditing enabled, anything written to Client_Info is also written into the database audit logs.

In other words, with both database auditing and EnableDBMonitoring enabled, you can report on which user updated what and when – not just that the PeopleSoft application or ‘Access ID’ issued an update statement.
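
One way to confirm from the database side that EnableDBMonitoring is taking effect is to look at what the PeopleSoft server sessions have written to CLIENT_INFO in V$SESSION. This is an added example, not Integrigy's own query, and it assumes the Access ID is SYSADM; substitute your own.

```sql
-- Added example. Assumption: the PeopleSoft Access ID is SYSADM.
-- Run as a user with SELECT on V$SESSION.

-- 1. Per server program: how many Access ID sessions carry no CLIENT_INFO.
SELECT s.program,
       COUNT(*)                                               AS sessions,
       SUM(CASE WHEN s.client_info IS NULL THEN 1 ELSE 0 END) AS without_client_info
FROM   v$session s
WHERE  s.username = 'SYSADM'
GROUP  BY s.program
ORDER  BY without_client_info DESC, s.program;

-- 2. What is actually being recorded for the sessions that do carry it.
--    Expect the PeopleSoft user ID, IP address and program name here,
--    not just the Access ID.
SELECT s.sid, s.serial#, s.machine, s.program, s.logon_time, s.client_info
FROM   v$session s
WHERE  s.username = 'SYSADM'
AND    s.client_info IS NOT NULL
ORDER  BY s.logon_time;
```

Programs that show a high without_client_info count in the first query are the ones to trace back to the psappsrv.cfg of the domain they run in.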

We commonly use the graphics below to help review Integrigy’s approach to PeopleSoft logging and auditing.

If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Auditing, Oracle PeopleSoft, Auditor
Categories: APPS Blogs, Security Blogs

Host Name Length Restrictions in E-Business Suite 12.1 and 12.2

Steven Chan - Mon, 2016-07-04 02:05

Oracle E-Business Suite Release 12 has a restriction on the lengths of the host names you can use.  The exact restriction depends on which of the following EBS Release Update Packs you have applied:

  • EBS Release Update Pack 12.2.5
  • EBS Release Update Pack 12.2.4, 12.2.3, 12.2.2, 12.1.3, 12.1.1

Each of these will be considered in turn.

Restriction in EBS Release Update Pack 12.2.5
When you run Rapid Install, you must ensure that the host names of your database node and primary applications node do not exceed 30 characters in length.

Restriction in EBS Release Update Packs 12.2.4, 12.2.3, 12.2.2, 12.1.3, 12.1.1

The node names returned by the operating system for the database tier and application tier nodes must be no longer than 30 characters. If you configure your system to return only the host name for the node, then the host name must be no longer than 30 characters. If you configure your system to return the fully qualified domain name (FQDN), then the FQDN must be no longer than 30 characters, including the host name, domain name, and periods (.) used as separators.

Affected Rapid Install Screens

The following screens are where you need to ensure you enter host names that meet the current requirements.

Rapid Install Database Node Configuration Screen

Database Node

Rapid Install Primary Applications Node Configuration Screen

Primary Applications Node

This restriction is mentioned in Oracle E-Business Suite Installation Guide: Running Rapid Install and the release notes for the affected releases.

References

Related Articles
Categories: APPS Blogs

New OA Framework 12.2 Update 4 Now Available

Steven Chan - Fri, 2016-07-01 18:26

Web-based content in Oracle E-Business Suite 12 runs on the Oracle Application Framework (OAF or "OA Framework") user interface libraries and infrastructure.   Since the release of Oracle E-Business Suite 12.2 in 2013, we have released several cumulative updates to Oracle Application Framework to fix performance, security, and stability issues. 

These updates are provided in cumulative Release Update Packs, and cumulative Bundle Patches that can be applied on top of the Release Update Pack. "Cumulative" means that the latest RUP or Bundle Patch contains everything released earlier.

The latest OAF update is now available:

EBS 12.2.5 Bundle Patch 4

Where is the documentation for this update?

Instructions for installing this OAF Release Update Pack are here:

Who should apply this patch?

All EBS 12.2 users should apply this patch.  Future OAF patches for EBS 12.2 will require this patch as a prerequisite. 

What's new in this update?

Fixes are included for the following critical issues:

  • Users intermittently getting FND_SESSION_MGR_INST_ERROR. On session timeout, clicking on any responsibility on the homepage throws the error "Error while invoking main menu: Application: FND, Message Name:FND_SESSION_MGR_INST_ERROR."
  • Spacing and alignment issues for read only message Choice and text areas.
  • JAWS is not reading the confirmation message which appears after adding an attachment inline, successfully.
  • When the query string of a view object is modified in the controller to remove unused where clause parameter conditions, using 'export' results in an exception.
  • Reverted fix which enabled caching of errors for beans on which server validation was disabled.

This Bundle Patch requires the R12.ATG_PF.C.Delta.5 Release Update Pack as a mandatory prerequisite.

Related Articles


Categories: APPS Blogs

EBS 12.2 Data Masking Template Certified with EM 13c

Steven Chan - Thu, 2016-06-30 02:05

(Contributing author:  Nirzari Raichura)

We're pleased to announce the certification of the E-Business Suite 12.2 Data Masking Template for the Data Masking Pack with Enterprise Manager Cloud Control 13c.

You can use the Oracle Data Masking Pack with Oracle Enterprise Manager Cloud Control 13c to mask sensitive data in cloned Oracle E-Business Suite environments.  Due to data dependencies, scrambling E-Business Suite data is not a trivial task.  The data needs to be scrubbed in such a way that allows the application to continue to function. 

You may scramble data in E-Business Suite 12.2 cloned environments with EM13c using the My Oracle Support Note and template: 

What's New with Data Masking for EBS 12.2 and EM13c?

Online Patching with Oracle E-Business Suite 12.2 introduces the use of the Oracle Database feature Edition-Based Redefinition and editioning views.  The following updates occurred as part of this certification effort for compatibility with editioning views:

  • A new data masking template for Oracle E-Business Suite 12.2
  • New enhancements to the Data Masking Pack delivered with Oracle Enterprise Manager Cloud Control 13c

What does masking do in an Oracle E-Business Suite environment?

Based upon the knowledge of the Oracle E-Business Suite architecture and sensitive columns, application data masking does the following:

  • De-identifies the data:  Scramble identifiers of individuals, also known as personally identifiable information (PII).  Examples include information such as name, account, address, location, and driver's license number.
  • Masks sensitive data:  Mask data that, if associated with personally identifiable information (PII), would cause privacy concerns.  Examples include compensation, health and employment information.  
  • Maintains data validity:  Provide a fully functional application.
References

Related Articles

Categories: APPS Blogs

Quarterly EBS Upgrade Recommendations: June 2016 Edition

Steven Chan - Wed, 2016-06-29 14:00

We've previously provided advice on the general priorities for applying EBS updates and creating a comprehensive maintenance strategy.   

Here are our latest upgrade recommendations for E-Business Suite updates and technology stack components.  These quarterly recommendations are based upon the latest updates to Oracle's product strategies, latest support timelines, and newly-certified releases.

You can research these yourself using this Note:

Upgrade Recommendations for June 2016

  1. EBS 11i users should upgrade to 12.1.3 or 12.2.  Before upgrading, 11i users should be on the minimum 11i patching baseline.

  2. EBS 12.0 users should upgrade to 12.1.3 or 12.2.  Before upgrading, 12.0 users should be on the minimum 12.0 patching baseline.

  3. EBS 12.1 users should upgrade to 12.1.3 RPC4 or 12.2.  Before upgrading, 12.1 users should be on the minimum 12.1 patching baseline.

  4. EBS 12.1 users should switch their PKI certificates to SHA-2.

  5. EBS 12.2 users should upgrade to EBS 12.2.5, Database 11.2.0.4 or 12.1.0.2, the April 2016 AD tools, StartCD 50, and FMW 11.1.1.9.

  6. EBS 11i and 12.1 users should upgrade to Database 11.2.0.4 or 12.1.0.2.

  7. EBS 11i, 12.0, 12.1, and 12.2 customers should switch from Secure Socket Layer (SSL) to Transport Layer Security (TLS).

  8. EBS 11i, 12.0, 12.1, and 12.2 users must sign their environment's JAR files now.

  9. EBS 11i, 12.0, 12.1, 12.2 users should apply the April 2016 Critical Patch Update.

  10. Oracle Single Sign-On 10g users should migrate to OAM 11gR2 Patchset 3 11.1.2.3.0.

  11. Oracle Internet Directory users should upgrade to Oracle Internet Directory 11g 11.1.1.9.

  12. Oracle Discoverer users should migrate to Oracle Business Intelligence Enterprise Edition (OBIEE), Oracle Business Intelligence Applications (OBIA), or Discoverer 11g 11.1.1.7.

  13. Oracle Portal 10g users should migrate to Oracle WebCenter 11g 11.1.1.9 or upgrade to Portal 11g 11.1.1.6.

  14. Firefox users should upgrade to Firefox Extended Support Release 45.

  15. Windows desktop users should migrate from older Java releases (including JInitiator) to JRE 1.8.0_91/92 (or later JRE 1.8 updates), JRE 1.7.0_101 (or later 1.7 updates), or JRE 1.6.0_115 (or later 1.6 updates).

  16. Windows XP and Office 2003 users should upgrade to later versions.

  17. Windows Vista users should upgrade to a later version of Windows.

  18. Windows Internet Explorer users should upgrade to IE 11.

  19. EBS customers on Exalogic and Exadata should follow the latest recommendations.

Categories: APPS Blogs

TLS 1.2 Certified with E-Business Suite 12.2

Steven Chan - Tue, 2016-06-28 16:57

I'm pleased to announce that Oracle E-Business Suite 12.2 inbound, outbound, and loopback connections are now certified with TLS 1.2, 1.1, and 1.0. If you have not already migrated from SSL to TLS, you should begin planning the migration for your environment. 

For more information on patching and configuration requirements when migrating to TLS 1.2 from TLS 1.0 or SSL, refer to the following My Oracle Support Knowledge Document:

The steps and configuration outlined in MOS Note 1367293.1 will address recent security vulnerabilities (e.g. Weak Cipher Suites/FREAK, POODLE, DROWN).

Configuration Options

  • Certification with TLS 1.2, 1.1 and 1.0

    The default Oracle E-Business Suite 12.2 configuration allows for the handshake between the client and server to negotiate and use the highest version of TLS (either 1.2, 1.1, or 1.0) supported end-to-end by all parties.

For example, if the outbound connection used by iProcurement is by default configured for TLS 1.2, 1.1 and 1.0 and if a call is made from Oracle E-Business Suite iProcurement to an external site that supports TLS 1.2 and a common cipher suite is found, then TLS 1.2 will be used end-to-end. If a call is made from Oracle E-Business Suite iProcurement to an external site that supports TLS 1.1 and a common cipher suite is found, then the handshake negotiation will resolve to use TLS 1.1 for the connection encryption.

  • Restricting the TLS Protocol (Optional Configuration)

You may optionally configure Oracle E-Business Suite to use the highest level of TLS certified with Oracle E-Business Suite Release 12.2. This option currently allows you to configure TLS 1.2 for all inbound, outbound and loopback connections.

Warning: If you restrict Oracle E-Business Suite 12.2 to use only TLS 1.2, this configuration could result in the inability to connect to other sites or browsers that do not support TLS 1.2.

  • Restricting Connections to HTTPS Only (Optional Configuration)

You also may optionally configure Oracle E-Business Suite to disable the HTTP port and use the HTTPS port only. 

Where can I learn more?
There are several guides and documents that cover Oracle E-Business Suite 12.2 secure configuration and encryption. You can learn more by reading the following:

SSL or TLS 1.0 Reference Note

If you are using SSL or TLS 1.0 and need to review your current configuration or renew your certificate, you may refer to the following:

Related Articles

Categories: APPS Blogs

PeopleSoft Database Secure Baseline Configuration

PeopleSoft, similar to other major ERP applications, while depending on a database to store information, arguably does not secure the supporting database. The security of the database is the client’s responsibility.

In order to give a few examples of what we are talking about when we refer to database security, the following are several of the 200+ database security checks that Integrigy performs during our PeopleSoft security configuration assessments - take a look today at your database for a few quick checks:

  • Limit direct database access whenever possible. This is always our number one recommendation – how isolated is your database?
  • Database CPU patching – have you applied the latest database CPU patches?
  • Logging and auditing – do you have auditing enabled? How much? What monitoring tools and processes do you have?
  • Database passwords – especially key accounts such as the Connect Id, Access Id, IB and PS – are they set to weak or default passwords? Are you using profiles?
  • Permissions and authorizations – when was the last time you reviewed them? How many users have SELECT ANY TABLE privileges?
  • Ensure the default tablespace is never ‘SYSTEM’ or PSDEFAULT for named users. These should be reserved for the Oracle RDBMS and application, respectively.
  • Do not use SYSADM for day-to-day support; use named accounts instead. Are you?
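
Several of the quick checks above can be run directly against the Oracle data dictionary. The queries below are an added example, not Integrigy's assessment scripts; they are read-only and assume SYSADM is the PeopleSoft schema owner and Access ID.

```sql
-- Added example: read-only checks against the Oracle data dictionary.
-- Run as a user with SELECT on the DBA_* views and V$PARAMETER.
-- Assumption: SYSADM is the PeopleSoft schema owner / Access ID.

-- Logging and auditing: is the database audit trail switched on at all?
SELECT name, value
FROM   v$parameter
WHERE  name IN ('audit_trail', 'audit_sys_operations');

-- Database passwords: accounts still on a default password (11g and later).
-- This view only knows the defaults Oracle ships with; application accounts
-- such as the Connect Id, Access Id, IB and PS must be tested separately.
SELECT d.username, u.account_status
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY d.username;

-- Profiles: how many users sit on each profile ...
SELECT profile, COUNT(*) AS users
FROM   dba_users
GROUP  BY profile
ORDER  BY profile;

-- ... and what password limits each profile actually enforces.
SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  resource_type = 'PASSWORD'
ORDER  BY profile, resource_name;

-- Permissions: who holds SELECT ANY TABLE directly ...
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'SELECT ANY TABLE'
ORDER  BY grantee;

-- ... and who inherits it through a role (one level of role nesting only).
SELECT rp.grantee, rp.granted_role
FROM   dba_role_privs rp
WHERE  rp.granted_role IN (SELECT grantee
                           FROM   dba_sys_privs
                           WHERE  privilege = 'SELECT ANY TABLE')
ORDER  BY rp.granted_role, rp.grantee;

-- Default tablespace: users placed in SYSTEM or PSDEFAULT.
-- SYS and SYSTEM are excluded as RDBMS owners and SYSADM as the application
-- owner; other Oracle-supplied accounts may still appear and can be discounted.
SELECT username, default_tablespace, account_status
FROM   dba_users
WHERE  default_tablespace IN ('SYSTEM', 'PSDEFAULT')
AND    username NOT IN ('SYS', 'SYSTEM', 'SYSADM')
ORDER  BY default_tablespace, username;
```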

If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Oracle Database, Oracle PeopleSoft, Auditor
Categories: APPS Blogs, Security Blogs

New OA Framework 12.1 Release Update Pack 5 Now Available

Steven Chan - Tue, 2016-06-21 18:12

Web-based content in Oracle E-Business Suite 12 runs on the Oracle Application Framework (OAF or "OA Framework") user interface libraries and infrastructure.   Since the release of Oracle E-Business Suite 12.1 in 2009, we have released several cumulative updates to Oracle Application Framework to fix performance, security, and stability issues. 

These updates are provided in cumulative Release Update Packs. "Cumulative" means that the latest Release Update Pack includes all of the fixes released in previous RUPs.

The fifth OAF update is now available:

OAF 12.1 RUP 5

Where is the documentation for this update?

Instructions for installing this OAF Release Update Pack are here:

Who should apply this patch?

All EBS 12.1 users should apply this patch.  Future OAF patches for EBS 12.1 will require this patch as a prerequisite.

What's new in this update?

Over 70 updates to various OA Framework components are included in this Release Update Pack:

  • Bug 10007122 FRM-41058 ERROR OCCURS WITH CTRL+E KEYS WHEN THE CURSOR FOCUS IS ON THE BUTTON.
  • Bug 10057139 GSI: QUERY IN FND_GLOBAL CAUSES HIGH CPU/NODE CRASH DUE TO MUTEX WAIT
  • Bug 10078872 1OFF:10057139:GSI: QUERY IN FND_GLOBAL CAUSES HIGH CPU/NODE CRASH DUE TO MUTEX W
  • Bug 10192670 12.1.4:10192626 FORWARD PORT: BI 3.1.1.11 :GRAPH IS NOT WORKING ON 64 BIT LINUX
  • Bug 10196565 10112858 FORWARD PORT: VO SUBSTITUTION DISPLAY AFTER 'DISABLE SELF-SERVICE PERSO
  • Bug 10285481 GOING TO SOURCING HOME PAGE FROM FAVOURITES, CREATING A QUOTE CAUSING EXCEPTION
  • Bug 10335521 THE APPLICATIONS BACKGROUND TURNS COMPLETELY BLUE INTERMITTENTLY
  • Bug 10385406 CLASSCASTEXCEPTION OCCURED WHEN ADDING OAHEADERBEAN AS 1ST CHILD TO OAPAGELAYBEA
  • Bug 10390503 EBS 12.1.3 EXPORT TXT MIME TYPE CANNOT BE MAPPED FOR EXCEL
  • Bug 10435049 PEOPLE GROUP SEGMENTS BLANKED DURING UPDATE WHEN THOSE SEGMENTS NOT DISPLAYED
  • Bug 11059366 :RO:OAPAGECONTEXTIMPL.GETPARAMETERVALUES RETURNS MACED VALUES
  • Bug 11781531 NOT ABLE TO ADD HTTPS URL TO FAVORITES LINK IN 12.1.2. HTTP IS PRE-PENDED TO URL
  • Bug 11832737 FORWARD PORT OF 9908921 TO 12.1.3
  • Bug 11856365 CAN NOT OPEN FAVORITES LINKS IN NEW WINDOW FROM PREFERENCES PAGE
  • Bug 11879499 CREATION_DATE AND LAST_UPDATE_DATE ARE NOT CORRECT
  • Bug 11891959 FORWARD PORT OF BUG 9614874 TO 12.1.3
  • Bug 11924872 EMPTY SUB MENUS IN THE NEW TREE MODE NAVIGATOR ON HOMEPAGE (12.1.3)
  • Bug 12350371 UNABLE TO SEE LOGINPAGE PROBLEM 12.1.3
  • Bug 12424716 SAVE RESPONSIBILITY CONTEXT WHEN CREATING FAVORITES
  • Bug 12661140 12.1.3 :FAVORITES ADDED USING 'ADD TO FAVORITE' LOOSES MENU CONTEXT INFORMATION
  • Bug 12763903 PROBLEM OF FRENCH TRANSLATION - OAFSLIDEOUTMENU.JS ISSUE
  • Bug 12814546 SYMANTEC ICAP CLIENT ALWAYS THROWS JAVA.LANG.STRINGINDEXOUTOFBOUNDSEXCEPTION
  • Bug 12820394 MDS QUERY - PERFORMANCE ISSUE
  • Bug 12829410 INCORRECT REQUISITIONS SHOWN WHEN USING OA FAVORITES
  • Bug 12900897 PERFORMANCE ISSUE WITH PERSONALIZATION IMPORT EXPORT PAGE UNDER FUNCTIONAL ADMIN
  • Bug 13028359 VIRUS SCAN DOES NOT KICK IN AFTER THE ATTACHMENTS ARE ADDED
  • Bug 13033466 MOZILLA : COPY PASTING AND TYPING BEHAVE DIFFERENT IN RTE
  • Bug 13033815 AFTER APPLYING PATCHES :12654106 AND 11894708, TEXT STYLE CHANGED IN POPUPS
  • Bug 13038333 RO SEGEMENTS WHEN DEFAULTED ARE NOT STORING THE VALUES ON SUBMIT
  • Bug 13109125 ALT+TAB TO TOGGLE IN AND OUT OF APPS CAUSING O AND N TO ACTIVATE SLIDEMENU
  • Bug 13243104 ISSUE WITH EXCEL DRILLDOWN
  • Bug 13322060 PLANNING- FORECAST SCHEDULE LINK FAILS WITH JAVA ERROR MESSAGE
  • Bug 13340173 QUANTITY FIELD DOES NOT VALIDATE DECIMAL SEPARATOR
  • Bug 13402264 UNABLE TO CREATE QUERY CRITERIA MAP IN PERSONALIZATION
  • Bug 13549105 NEED FORWARD PORT PATCH FOR BUGS 13108282 AND 13373481 IN 12.1.3
  • Bug 13550248 YOU ARE TRYING TO ACCESS A PAGE THAT IS NO LONGER ACTIVE - MACCHECK SECURITY ERR
  • Bug 13555434 CANNOT IMPORT PERSONALIZATIONS USING FUNCTIONAL ADMINISTRATOR
  • Bug 13626261 POPUP THROWS EXCEPTION WHEN CHANGING RESPONSIBILITY IN CONTEXT SWITCHER
  • Bug 13691585 ENTITY CACHE NOT HONORED WHEN EO ACCESSED VIA AO
  • Bug 13710707 ($RO$) SUFFIX MAKES SEGMENT VALUES DISAPPEAR IN KFF LOV WINDOW RESULTS TABLE
  • Bug 13737406 HIJRAH DATE FORMAT ISSUE WHEN A DATE VALUE IS GETTING DEFAULTED
  • Bug 13738942 SUPPORT OPENING OF LOV WINDOW WHEN EXACT MATCH IS ALSO A PARTIAL MATCH
  • Bug 13822452 CONNECTION LOCKED IN OANAVIGATEPORTLETAM AFTER LOGIN WITH CONFIGURABLE HOME PAGE
  • Bug 13915163 RESPONSIBILITY ID NOT VISIBLE WHILE PERSONALIZING THROUGH FUNCTIONAL ADMINISTART
  • Bug 13919206 NEW BASE-DESKTOP.XSS CHANGES OAF DESIGN DUE TO 12350371
  • Bug 14071624 START PAGE PROFILE/PREFERENCES GETTING RESET
  • Bug 14343026 AM LEAK IN ICXFAVORITESAM AND OANAVIGATEPORTLETAM LEADING TO JDBC CONNECT LEAKS
  • Bug 14345705 THE NUMBER OF ERROR MESSAGE STACKED IN ARRAYLIST IS RESET FROM 10TH IN OAF
  • Bug 14365312 PROJECT INFORMATION NOT GETING SAVED IN IPROC
  • Bug 14467324 OADESCRIPTIVEFLEXBEAN REFERS INCORRECT SEGMENT LIST CORRESPONDING TO THE CONTEXT
  • Bug 14550047 1OFF: R12.1.4 CONSOLIDATED PATCH FOR CORE FLEXJ FLEXFIELD FILES STANDALONE
  • Bug 14634957 DYNAMIC POPLIST DID NOT GET REFRESHED ON PPR EVENT
  • Bug 14644892 7505198 - PERFORMANCE ISSUE WHILE ENTERING CHARGE ACCOUNT IN REQUISITION PAGE IN
  • Bug 14682009 HIGH DATA (HTML) TRANSFER OVER NETWORK ON PAGE RENDERING AND PPR
  • Bug 14759713 NOT RE-NEW CONTEXT WHEN CREATING FAVORITES BY "ADD TO FAVORITES"
  • Bug 14780941 DUPLICATE EXECUTION OF SAVED SERACH RESULTING IN PERF ISSUE
  • Bug 14830586 MOVING ITEMS IN THE MANAGE FAVORITES PAGE SENDS USER TO LAST PAGE AFTER MOVE
  • Bug 15828154 13933688: IPRO SHOPPING CART PAGE CONSUMES HUGE HEAP MEMORY AND USER CAN'T CONTI
  • Bug 15929270 LOV WINDOW COMING UP AFTER SELECTING THE VALUE FROM LOOKAHEAD LOV
  • Bug 16675890 HIDDEN REQUIRED FLEX SEGMENT NOT DEFAULT
  • Bug 16753850 RINNING IN ISSUE WITH ... IS NOT A DATE FORMATTED AS
  • Bug 17032279 ITEMS IN R12 HOMEPAGE FAVOURITES DROP DOWN MENU MISSING AFTER UPGRADE
  • Bug 17245992 WRONG VALUE POPULATED ONCE SELECTION THROUGH AHEAD LOV IS MADE
  • Bug 17308202 TRANSLATION ISSUE IN POPUP TITLE
  • Bug 17344496 PERSONALIZED VIEW IN BUYER WORK CENTER COPIES VALUE TO OTHER VIEWS WHEN CREATING
  • Bug 17351418 IMPROPER HANDLING OF EXCEPTIONS SENT ON LOV INVALIDATION
  • Bug 17385100 "UPDATE ATTACHMENT" POP-UP IN THE BWC DOES NOT FULLY UPDATE THE ATTACHMENT CATEG
  • Bug 17418969 NLS: HOVER TEXTS EXPAND/COLLAPSE OF RESPONSIBILITY TREE VIEW ARE HARDCODED
  • Bug 17458320 NLS: HARDCODED HOVER TEXT FOR RESPONSIBILITY/PAGE PULLDOWN IN PREFERENCES PAGE
  • Bug 17472133 HOVER TEXT "CLOSE POPUP" IS UNTRANSLATED
  • Bug 17548019 R12 HOMEPAGE "-" MINUS SIGNS NEXT TO RESPONSIBILITY HAVING ONE MENU ISSUE
  • Bug 17618077 IE10 COMPATIBILITY PATCH AND FIX FOR R: AFTER 9773527, NEW BLANK ROW AUTO-ADDED
  • Bug 17659762 "WARNING QUERY HAS EXCEEDED 100 ROW ; "FND: VIEW OBJECT MAX FETCH SIZE"
  • Bug 17811126 ADDRESS VALIDATION/SUGGESTION BOX DOES NOT WHEN DFF ENABLED
  • Bug 17842417 MENUS WITH GRANT DISABLED AT MENU AND FUNCTION LEVEL ARE VISIBLE ON LOGIN PAGE
  • Bug 17857284 ABOUT THIS PAGE DOES NOT SHOW ANYTHING

Categories: APPS Blogs

PeopleTools October 2014 CPU Security Patch

The prior blog post (PeopleSoft Security Patches) reviewed PeopleSoft CPU patching. Worthy of its own post is the October 2014 CPU. A show of hands back in April at our PeopleSoft database security presentation at Collaborate 2016 (PeopleSoft Database Security) further confirmed Integrigy’s research that a surprising number of PeopleSoft installations have not applied this patch.

The PeopleTools October 2014 CPU (8.52.24, 8.53.17, 8.54.04) fixes a critical issue with the security of the database passwords for the Connect and Access Ids. This patch MUST be applied in order to safeguard the password for the Access Id (e.g. SYSADM) – regardless of how complex you have made it. The details of the specific vulnerability are best not given further explanation on the Internet.

This said, if you have not already applied the October 2014 CPU or any CPU since (they are cumulative) and you have questions and/or concerns, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

References

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Oracle PeopleSoft, Oracle Critical Patch Updates
Categories: APPS Blogs, Security Blogs

OAM 11g : Authorization headers are not passed to downstream applications

Online Apps DBA - Fri, 2016-06-17 11:31

Readers, Just another post on OAM 11g issue that I have recently seen. OAM version could be 11g R1 or later. It is common practice for OAM to pass headers to downstream applications for userid or any other user/session attributes for SSO to work. Recently while working on EBS 12.2 and OAM PS3 SSO integration, I […]

The post OAM 11g : Authorization headers are not passed to downstream applications appeared first on Oracle Trainings for Apps & Fusion DBA.

Categories: APPS Blogs

Multi-Factor Authentication possibilities in OAM 11g

Online Apps DBA - Thu, 2016-06-16 17:27

Readers, It’s been sometime since writing here, however I believe I am back with good informative post today. It is very common ask for MFA these days and there are multiple ways to achieve this in Oracle Access Management by using either OAM 11g or combination of OAM and OAAM 11g (and/or using 3rd party products). […]

The post Multi-Factor Authentication possibilities in OAM 11g appeared first on Oracle Trainings for Apps & Fusion DBA.

Categories: APPS Blogs

Applying Patches in Oracle Fusion Middleware ? Welcome to Zero DownTime (ZDT) Patch ?

Online Apps DBA - Thu, 2016-06-16 15:29

 In my Oracle Fusion Middleware Training for Apps DBAs, DBAs, and Middleware Admin, I was discussing about Patching as part of Module 10, where we cover various patching tools like opatch, bsu, psa for various products like SOA, WebLogic, OHS, WebCenter etc including Schema Patches. One of the topic came was how to apply patches without impacting […]

The post Applying Patches in Oracle Fusion Middleware ? Welcome to Zero DownTime (ZDT) Patch ? appeared first on Oracle Trainings for Apps & Fusion DBA.

Categories: APPS Blogs

Frequently Asked Questions about EBS Security

Steven Chan - Tue, 2016-06-14 12:59

We often receive questions about Oracle E-Business Suite security. To help answer the most frequently asked questions, including those on secure configuration, auditing, encryption and other topics, the following new document is now available:

The questions in the FAQ are organized in the following sections:

  • Section 1: Secure Configuration and Architecture
  • Section 2: Auditing
  • Section 3: Access and Authentication
  • Section 4: Encryption and Masking
  • Section 5: Connection Encryption

Examples of questions answered in the new FAQ include:

  • What features are available for auditing Oracle E-Business Suite?
  • Do all DBAs require the APPS password?
  • Why should you migrate from SSL to TLS?
  • What versions of TLS are currently certified with Oracle E-Business Suite?
  • How do you configure HTTPS for Oracle E-Business Suite?
  • Can you use SHA-2 signed PKI certificates with Oracle E-Business Suite?

We plan to update this document on a regular basis.  As you read through the new document, please let us know if there are additional questions that we should consider adding.

Where can I learn more?

There are several guides and documents that cover Oracle E-Business Suite secure configuration and encryption for Release 12.1 and 12.2. You can learn more by reading the following:

Categories: APPS Blogs

PeopleSoft Security Patches

The process of applying security patches starts with identifying which patches to apply. For PeopleSoft, security patches need to be considered for both the application and the major technical components. Applying security patches, referred to by Oracle as Critical Patch Updates (CPUs), for one component DOES NOT apply security patches for the other components.

For example, PeopleTools CPU patches DO NOT include database CPUs – applying one will not automatically apply nor include the other. The same holds for WebLogic and Tuxedo CPU patches.

CPUs for PeopleTools releases are provided for up to 24 months after the next minor release is generally available. The following table will assist in analyzing your PeopleTools CPU level and its certification status with other key PeopleSoft technical components:

PeopleTools (PT)   PT Generally Available Date   PT CPU Delivered through   Database Certifications   WebLogic Certifications   Tuxedo Certification
----------------   ---------------------------   ------------------------   -----------------------   -----------------------   --------------------
PT8.51             9/10/10                       Jan 2014                   11.2.0.4                  10.3.6.0                  10.3.0.0
PT8.52             10/28/11                      Jan 2015                   11.2.0.4                  10.3.6.0                  10.3.0.0
PT8.53             2/1/13                        7/19/16                    11.2.0.4, 12.1.0.2        10.3.6.0                  11.1.3.0, 11.1.1.2
PT8.54             7/11/14                       12/4/17                    11.2.0.4, 12.1.0.2        12.1.3.0, 12.1.2.0        12.1.1.0
PT8.55             12/4/15                       TBD                        11.2.0.4, 12.1.0.2        12.1.3.0                  12.1.1.0, 12.1.3.0

  • WebLogic 10.3.6.x is supported through December 2018
  • WebLogic 12.1.2.0 is supported through 6/2016
  • WebLogic 12.1.3.0 is supported through 12/2017 and will be the terminal release of 12.1.x
  • Tuxedo support dates: 10.3 12/2016, 12.1.3 in 2020, all 11.x and 12.1.1 end in 2018

If you have questions, please contact us at info@integrigy.com

Michael A. Miller, CISSP-ISSMP, CCSP

REFERENCES

PeopleSoft Database Security

PeopleSoft Security Quick Reference

Oracle PeopleSoft, Oracle Critical Patch Updates
Categories: APPS Blogs, Security Blogs
