APPS Blogs

Webcast: "Oracle E-Business Suite Internationalization and Multilingual Features"

Steven Chan - Wed, 2017-05-24 11:43

Oracle University has a large collection of free recorded webcasts for EBS.  If you're running your E-Business Suite environment in a multilingual configuration, see:

Oracle E-Business Suite supports more countries, languages, and regions than ever. Maher Al-Nubani, Senior Director Product Development, shares an overview of internationalization features and capabilities as well as new Release 12 features such as calendar support for Hijra and Thai, new group separators, lightweight multilingual support (MLS) setup, new character sets such as AL32UTF8, newly supported languages, Mac certifications, Oracle iSetup support for moving MLS setups, new file export options for Unicode, new MLS number spelling options, and more. This session was recorded live at Oracle OpenWorld 2014.

Categories: APPS Blogs

SCAP OVAL SQL57_TEST Example For Oracle E-Business Suite

Last week I posted a blog introducing SCAP and OVAL. Here is a quick follow-up with a link to a sql57_test example using the Oracle E-Business Suite - it will suffice for any Oracle database.

A great book to read first on SCAP titled ‘Security Automation Essentials’ for $15 on Amazon is a must read:  https://www.amazon.com/Security-Automation-Essentials-Streamlined-Communication/dp/0071772510. I would highly recommend this book to anyone interested in SCAP and much thanks to Witte, Cook, Kerr and Shaffer for writing it.

If you have any questions, please contact us at info@integrigy.com

-Michael Miller, CISSP-ISSMP, CCSP, CCSK

SCAP OVAL, Oracle Database, Oracle E-Business Suite
Categories: APPS Blogs, Security Blogs

Webcast: "Enterprise Manager 13c Cloud Control for Managing Oracle E-Business Suite"

Steven Chan - Tue, 2017-05-23 02:00

Oracle University has a wealth of free recorded webcasts for Oracle E-Business Suite.  Here's a free webcast that covers our E-Business Suite plug-in for Oracle Enterprise Manager:

Application Management Suite delivers capabilities to facilitate management of Oracle E-Business Suite environments running in the Oracle Cloud and on-premises using a single pane of glass. Angelo Rosado, Senior Principal Product Manager, shares key new features provided in the latest release of Application Management Suite for Oracle E-Business Suite available with EM 13c. Application Management Suite features that will be covered include deploying patches and customizations across all environments; comparing configurations between instances; provisioning a new instance to the Oracle Cloud; migrating an existing instance to the cloud; enforcing compliance standards; and automated cloning. This material was presented at Oracle OpenWorld 2016. 

Categories: APPS Blogs

Webcast: "Faster and Better: Oracle E-Business Suite Desktop Integration Enhancements"

Steven Chan - Mon, 2017-05-22 17:35

Oracle University has a wealth of free recorded webcasts for Oracle E-Business Suite.  If you're looking for an update on the latest enhancements to Web ADI in EBS 12.2, see:

Senthilkumar Ramalingam, Group Manager Product Development, discusses the simplified user experience and the latest OOXML standards support in Oracle Web Applications Desktop Integrator and Oracle Report Manager. The session includes new features in Release 12.2 and other design changes that result in vastly improved performance and spreadsheet experience. In addition, it offers information on how you can use Desktop Integration Framework to build your own custom desktop integrations between Oracle E-Business Suite and Microsoft Excel for enhanced end user productivity for mass upload/download of spreadsheet data. This material was presented at Oracle OpenWorld 2016. 

 
Categories: APPS Blogs

New OA Framework 12.2.4 Update 16 Now Available

Steven Chan - Thu, 2017-05-18 10:30
Web-based content in Oracle E-Business Suite Release 12 runs on the Oracle Application Framework (also known as OA Framework, OAF, or FWK) user interface libraries and infrastructure. Since the initial release of Oracle E-Business Suite Release 12.2 in 2013, we have released a number of cumulative updates to Oracle Application Framework to fix performance, security, and stability issues.

These updates are provided in cumulative Release Update Packs, and cumulative Bundle Patches that can be applied on top of the Release Update Packs. In this context, cumulative means that the latest RUP or Bundle Patch contains everything released earlier.

The latest OAF update for Oracle E-Business Suite Release 12.2.4 is now available:

Where is this update documented?

Instructions for installing this OAF Release Update Pack are in the following My Oracle Support knowledge document:

Who should apply this patch?

All Oracle E-Business Suite Release 12.2.4 users should apply this patch.  Future OAF patches for EBS Release 12.2.4 will require this patch as a prerequisite. 

What's new in this update?

This bundle patch is cumulative: it includes all fixes released in previous EBS Release 12.2.4 bundle patches.

This latest bundle patch includes fixes for the following bugs/issues:

  • Row validation exception when multiple attachments are added.
  • The Fieldset legend label element of advanced search panel radio buttons group is empty. 

Categories: APPS Blogs

Webcast: "Migrating and Managing Customizations for Oracle E-Business Suite 12.2"

Steven Chan - Wed, 2017-05-17 15:23

Oracle University has a wealth of free recorded webcasts for Oracle E-Business Suite.  If you're looking for a primer on ensuring that your customizations work when you upgrade to EBS 12.2, see:

Have you created custom schemas, personalized or extended your Oracle E-Business Suite environment? Santiago Bastidas, Senior Principal Product Manager, discusses how to select the best upgrade approach for existing customizations. This session will help you understand the new customization standards required by the Edition-Based Redefinition feature of Oracle Database to be compliant with the Online Patching feature of Oracle E-Business Suite. You’ll learn about customization use cases, tools, and technologies you can use to ensure that all your customizations are preserved during and after the upgrade. You’ll also hear about reports you can run before the upgrade to detect and fix your customizations to make them 12.2-compliant. This material was presented at Oracle OpenWorld 2016. 

 
Categories: APPS Blogs

EBS 12.1 April 2017 Technology Stack Recommended Patch Collection Now Available

Steven Chan - Tue, 2017-05-16 11:17

The latest cumulative set of updates to the E-Business Suite 12.1 technology stack foundation utilities is now available in a new April 2017 Recommended Patch Collection (RPC):

Oracle strongly recommends that all E-Business Suite 12.1 users apply this set of updates.

What issues are fixed in this patch?

This cumulative Recommended Patch Collection contains important fixes for issues with the Oracle EBS Application Object Library (FND) libraries that handle password hashing and resets, Forms-related interactions, key flexfields, descriptive flexfields, and more.  

Bugs fixed by this patch include:

  • 10007122 - FRM-41058 ERROR OCCURS WITH CTRL+E KEYS WHEN THE CURSOR FOCUS IS ON THE BUTTON.
  • 10057139 - GSI: QUERY IN FND_GLOBAL CAUSES HIGH CPU/NODE CRASH DUE TO MUTEX WAIT
  • 10078872 - 1OFF:10057139:GSI: QUERY IN FND_GLOBAL CAUSES HIGH CPU/NODE CRASH DUE TO MUTEX W
  • 10098001 - 9828858 FORWARD PORT: CHECK EVENT ALERT  (ALECTC) IS NOT RUNNING
  • 10104874 - CONNECTION LEAKS FROM FNDGFM.JSP
  • 10113913 - STANDARD MANAGERS EXCEEDS THE MAXIMUM NUMBER OF PROCESSES
  • 10116616 - R12.1.2 : FND REQUEST SET COMPLETION STATUS IS NOT CORRECTLY DETERMINED
  • 10131650 - 9664961 FORWARD PORT: BRAZILIAN REQUEST GET ORA-1722 WHEN SCHEDULED PERIODIC REE
  • 10189376 - AUTOMATIC OU PARAMETER DEFAULTING WHILE SUBMITTING REQUEST FROM HTML NOT WORKING
  • 10252312 - SLOW TO SWITCH RESPONSIBILITIES IN 12.1.2 
  • 10301406 - 10105351 FORWARD PORT: ICM KEEPS ON OPENING A LARGE NUMBER OF CURSORS FOR THE SA
  • 10399418 - SUBMITTING REPORT FOR MULTIPLE LANGUAGES FAILS WITH APP-FND-01564
  • 11684796 - 1OFF:12.1.3:VALUE OF SENT DATE FIELD IN EMAIL NOTIFICATIONS INTERMITTENTLY POPUL
  • 11738560 - APPLICATION LISTENER AVAILABILITY IS NOT CHECKED FOR FAILOVER/FAILBACK IN PCP AF
  • 11767687 - THE CONCURRENT PROCESSING REQUEST INSTANCE / NODE AFFINITY OPTION DOES NOT WORK
  • 11767783 - INEFFICIENT SQL EXECUTED BY CRM
  • 11769977 - 11737592 FORWARD PORT: REVIVER.SH IS NOT STARTING THE ICM
  • 12311480 - XML REPORT OUTPUT IS NOT PRINTED WHEN USED IN REQUEST SET WITH 'PRINT TOGETHER' 
  • 12348600 - OAF : RBAC FOR ENG CONCURRENT PROGRAM
  • 12427010 - 12353506: ADCMCTL.SH SCRIPT IS UNABLE TO DETERMINE THE ICM STATUS
  • 12582633 - 11908164: ADAUTOCONFIG FAILLING ON SCRIPT AFCPCTX.SH. REQUEST LOG SHOWS ORA-0650
  • 12628319 - 12367883 FORWARD PORT: REMOTEFILE.TRANSFERFILE PREMATURELY DELETES RECEIVED FILE
  • 12666409 - USER WITH ROLE -COPY A SUBMITTED REQUEST GETTING FRM-41830
  • 12693467 - V$SESSION NOT POPULATING DATA PROPERLY FOR ACTION COLUMN FOR CONCURRENT REQUEST 
  • 12711866 - RO: 10020003 FORWARD PORT: REQUESTS MONITOR NOT USING 'VIEW' FIELD CORRECTLY
  • 12747284 - FNDCPPUR REQUEST FAILED DUE TO SIGNAL 8
  • 12776331 - FND_GSM_UTIL CHANGES FOR UPLOAD_CONTEXT_FILE REGISTER SERVICES
  • 12821441 - JAVA CONCURRENT PROGRAMS DOES NOT ALWAYS WRITE OUTPUT VIA FND_FILE
  • 12874866 - 12711618 FORWARD PORT: ALL REQUESTS INSERT INTO FND_CONC_PP_ACTIONS
  • 12932103 - 12815295 BACKPORT: CLEANUP EFFORT OF CLIENT SIDE SERVICE MANAGER FUNCTION AND EX
  • 12957954 - 11690591 FORWARD PORT: DEADLOCKS WHENEVER CONCURRENT MANAGERS START AFTER AN ENV
  • 13009610 - NEED TO INCREASE MAX VALUE OF FND_CONC_RELEASE_CLASSES_S
  • 13013531 - ACMP : EXCEPTION OCCURRED: ORA-00918: COLUMN AMBIGUOUSLY DEFINED
  • 13056071 - 1OFF:R12.ATG_PF.B.DELTA.3:PARAMETER1 IN FND_GRANTS NOT UPDATED AFTER USERNAME CH
  • 13066729 - COPY CONCURRENT REQUEST PDF TEMPLATE TO XLS GETTING FRM-40815
  • 13075711 - IN PCP ENV, AFTER THE FAIL OVER TO NODE 2, WE HAVE MULTIPLE FNDSM PROCESS.
  • 13262775 - SYNCH FILES 
  • 13353167 - WHEN SCHEDULING A CONCURRENT REQUEST THROUGH OAF SCREENS, 
  • 13371648 - CONCURRENT REQUEST ARE IN PENDING STANDBY STATE - CRM NOT RESOLVING
  • 13426254 - HIGH ENQ: TX - ROW LOCK CONTENTION ON FND_CONCURRENT_PROCESSES
  • 13520666 - FNDSVCRG STATUS COULD NOT BE DETERMINED AFTER RHEL5 SECURITY PATCH UPDATES
  • 13620594 - 1OFF:12.1.3:WF ENGINE SLOW PERFORMANCE PROCESSING TIMED-OUT ACTIVITIES
  • 13779426 - CP "GATHER TABLE STATISTICS" FOR GL.JE_BE_LINE_TYPE_MAP COMPLETES IN ERROR
  • 13804818 - 13688614: AFSLOAD.LCT DOESN'T DOWNLOAD DATA IF FUNCTION_NAME OR SUB_MEN
  • 13825341 - REMOVE UNNECESSARY XDO CODE DEPENDENCIES FROM OBSOLETE VO REPUBLISHFILEVO
  • 14046931 - WRONG DEFAULT TITLE WHEN ADDING REQUESTS SUMMARY SCREEN TO FAVORITES
  • 14128319 - SECURING ATTRIBUTE ICX_HR_PERSON_ID ASSIGNED VIA FND_USER_PKG
  • 14265552 - REPRINT/REPUBLISH USING USER_PRINTER_STLYE_NAME - ERROR INVALID STYLE
  • 14348816 - OFA DELIVER TO EMAIL ADDRESS DOES NOT ALLOW A HYPEN IN THE EMAIL ADDRESS
  • 14364164 - INTERNAL MONITOR KEEPS TRYING TO START INTERNAL CONCURRENT MANAGERS
  • 14526013 - CONCSUB BEHAVIOR SINCE ATG.RUP.7 AND CPU JAN-2012
  • 14545884 - WHEN SCHEDULING A CONCURRENT REQUEST THROUGH OAF SCREENS, 
  • 14629821 - 1OFF:10182664:12.1.3:UNDER HEAVY LOAD, MANAGERS SPIN AND CONSUME CPU 
  • 14673409 - EBS R12.1.3: TCA FIRST NAME/LAST NAME DO NOT SYNC TO LDAP IN SUPPLIER PORTAL
  • 14695512 - INVALID DECIMAL AND THOUSAND SEPARATOR
  • 14786043 - INTERNAL MONITOR KEEPS TRYING TO START INTERNAL CONCURRENT MANAGERS
  • 14791018 - REQUEST TO REMOVE OPTION WFDS_MODE=OWF ON FNDLOAD FOR PATCH 13622637
  • 14828518 - INTERNAL MONITOR KEEPS TRYING TO START INTERNAL CONCURRENT MANAGERS
  • 14828523 - PREREQ PATCH FOR AFCMGR.ODF
  • 14841198 - IPP PRINTER OPTIONS SET INCORRECTLY FOR DELIVERY
  • 15898572 - FND_USER_PKG INVALID AFTER PATCH 10024223
  • 15959817 - APPLICATION HAS STARTED PRODUCING MUCH MORE ARCHIVE REDO
  • 15972360 - NO. OF RECIPIENTS RESTRICTED TO FIVE IN SSWA NOTIFICATIONS WINDOW
  • 15981176 - ISSUES AFTER APPLYING FAILOVER PATCH 14828518:R12.FND.B
  • 16311718 - PROFILE - CONCURRENT: SHOW REQUESTS SUMMARY AFTER EACH REQUEST SUBMISSION NOT WO
  • 16602978 - STANDARD MANAGER ACTUAL AND TARGET PROCESSES ARE DIFFERENT.
  • 16735285 - SERVICE MANAGER GOES DOWN FREQUENTLY AFTER 13903857 AND 15981176
  • 16818306 - REPRINT/REPUBLISH REQUEST FAILS  JAVA.SQL.SQLEXCEPTION: NO CORRESPOND LOB DATA
  • 16880989 - +P4 FD: INDIA: GOING TO NEXT SCREEN SELECTING MULTIPLE LANGUAGE WHEN SCHEDULING 
  • 16946854 - REQUEST SUBMITTED BY CUSTOM RESP AND CUSTOM DATA GROUP CAUSES FNDLIBR TO COREDUM
  • 17002231 - ERROR IN OPP LOG WHEN "DELIVERY OPT" OPTION CHOSEN JAVA.LANG.NULLPOINTEREXCEPTIO
  • 17189881 - FND_STATS.RESTORE_SCHEMA_STATS FOR ALL SCHEMA IS FAILED
  • 17279094 - REQUESTS IN FRAMEWORK FOR A FUTURE DATE START IMMEDIATELY
  • 17287546 - UNABLE TO SELECT AM/PM WHEN TRYING TO SCHEDULE CONCURRENT REQUESTS
  • 17758638 - AFTER RUNNING FNDCPASS TO CHANGE THE ORACLE APPLICATION ACCOUNT PASSWORDS USERS 
  • 18071903 - POST MIXED CASE PSWRD  ON DB AND CLONE ON HASHED APPS CAN'T CHANGE APPLSYS PSWRD
  • 18083491 - PASSWORD RESETTING OF EXISTING USER IS NOT WORKING
  • 18137744 - FNDCPASS NOT CHANGING PASSWORD ON CLONED EBS R12.2.3
  • 18182723 - NUMBER OF ARGUMENTS INCREASE FOR SCHEDULED JOB, THE PROGRAM RUNS INTO WARNING & 
  • 18332973 - ADVANCED SEARCH CAN'T QUERY FOR SAME START AND END DATE
  • 18383570 - FNDCPASS NOT CHANGING PASSWORD AFTER UPGRADE TO 12.2.3
  • 18977939 - GETTING ERROR WHEN START CM USING ADSTRTAL.SH CONCOPER/CONCOPER -SECUREAPPS
  • 19048604 - GETTING ERROR WHEN START CM USING ADSTRTAL.SH CONCOPER/CONCOPER -SECUREAPPS
  • 19064976 - NLS:R:TST122:REGRESS:XDO PREVIEW IS WITH THE TOP TEMPLATE LANGUAGE
  • 19065069 - WHEN SCHEDULING A CONCURRENT REQUEST THROUGH OAF SCREENS, 
  • 19065267 - REPRINT/REPUBLISH USING USER_PRINTER_STLYE_NAME - ERROR INVALID STYLE
  • 19065293 - OAF : RBAC FOR ENG CONCURRENT PROGRAM
  • 19080080 - REPRINT/REPUBLISH REQUEST FAILS  JAVA.SQL.SQLEXCEPTION: NO CORRESPOND LOB DATA
  • 19080122 - IPP PRINTER OPTIONS SET INCORRECTLY FOR DELIVERY
  • 19211176 - CP OAF CONSOLIDATED 12.1.3.1 PATCH
  • 19539697 - WRONG VALUE RETURNED FOR THE RECORD SELECTED IN THE LOV
  • 20118026 - FORM PERSONALIZATIONS(FNDCUSTM ) VALUE CANNOT BE SAME BY CHOOSE OR MANUAL.
  • 20719878 - BUILTIN RAISE_FORM_TRIGGER_FAILURE ERROR ONE OR MORE REQUIRED FIELDS ARE MISSING
  • 21044265 - APPSTAND.FMB CALLS .FND_JAF_MESSAGE  WITH  APPLSYS
  • 21612876 - CROSS VALIDATION  PERFORMANCE ISSUES
  • 22220582 - UNABLE TO DISPLAY SIT DATA AFTER UPGRADE FROM 11I TO 12.1.3 RUP8
  • 22394026 - SECURITY RULE, INITIAL ENTRY OK, BUT ALLOWED TO OVERRIDE LATER
  • 23115501 - 1OFF:12.2.4:APP-FND-01023 THE FOLLOWING REQUIRED FIELD DOES NOT HAVE A VALUE
  • 23586683 - CCID NOT SAVED WHEN ACCOUNT SEGMENTS ARE CHANGED USING THE ACCOUNTING FLEX
  • 25107367 - UNABLE TO ADD NEW MESSAGE TYPE FORMS PERSONALIZATION ACTIONS ON TOP PF EXISTING
  • 25190067 - AFTER 23601325 WHAT DOES CROSS-VALIDATION RULE VIOLATION REPORT (ENHANCED) DO?
  • 25381217 - AFTER PATCH 25107367 PERSNZN FORM DO YOU WANT TO SAVE THE CHANGES YOU HAVE MADE
  • 3400667 - WISH LIST: DYNAMIC PARAMETERS
  • 7109984 - ORG-LEVEL PROFILE VALUE NOT RETURNED WHEN ORG_ID IS NOT SET
  • 7227733 - FND NEEDS CLARIFICATION AS TO HOW R12 FUNCTIONALITY OF ORG_ID WORKS
  • 9301929 - 9042119 FORWARD PORT: FND_CONCURRENT_REQUESTS TABLE IS BEING ACCESSED BY ALL THE
  • 9560529 - 9109247 FORWARD PORT: SCHEDULED REQUESTS STILL RUN FOR END_DATED USERS 100% CPU
  • 9755236 - OPP WARNING FLAGS NOT BEING SET CORRECTLY

Categories: APPS Blogs

EBS 12.2 April 2017 Technology Stack Recommended Patch Collection Now Available

Steven Chan - Tue, 2017-05-16 11:08

The latest cumulative set of updates to the E-Business Suite 12.2 technology stack foundation utilities is now available in a new April 2017 Recommended Patch Collection (RPC):

Oracle strongly recommends that all E-Business Suite 12.2 users apply this set of updates.

What issues are fixed in this patch?

This cumulative Recommended Patch Collection contains important fixes for issues with the Oracle EBS Application Object Library (FND) libraries that handle password hashing and resets, Forms-related interactions, key flexfields, descriptive flexfields, and more.  

Bugs fixed by this patch include:

  • 18071903 - POST MIXED CASE PSWRD  ON DB AND CLONE ON HASHED APPS CAN'T CHANGE APPLSYS PSWRD
  • 18083491 - PASSWORD RESETTING OF EXISTING USER IS NOT WORKING
  • 18137744 - FNDCPASS NOT CHANGING PASSWORD ON CLONED EBS R12.2.3
  • 18383570 - FNDCPASS NOT CHANGING PASSWORD AFTER UPGRADE TO 12.2.3
  • 19248704 - 17908376:NEED THE ONE OFF PATCH FOR 12.2.3
  • 19259764 - ERROR WHEN OPENING FORMS IN IE8 ON MULTI-NODE EBS 12.2.3
  • 19891697 - PERFORMANCE PROBLEMS RESULTS SET CACHE
  • 19899452 - R12.2.3 GETTING AP DFF ERROR - THE MAXIMUM VALUE SIZE FOR SEGMENT IS X. TRUNCATI
  • 20537212 - VALUES IN ITEM CODES ARE NOT VISIBLE ON APPLYING KEY FLEXFIELD SECURITY RULES
  • 20814982 - DEFAULTING DFF SEGMENT BEHAVIOR IS DIFFERENT FROM 11I
  • 21612876 - CROSS VALIDATION  PERFORMANCE ISSUES
  • 22220582 - UNABLE TO DISPLAY SIT DATA AFTER UPGRADE FROM 11I TO 12.1.3 RUP8
  • 22550312 - OVER 2300 CONTEXTS DEFINED CAUSES FNDFFVGN SIGNAL 11
  • 23115501 - 1OFF:12.2.4:APP-FND-01023 THE FOLLOWING REQUIRED FIELD DOES NOT HAVE A VALUE
  • 23586683 - CCID NOT SAVED WHEN ACCOUNT SEGMENTS ARE CHANGED USING THE ACCOUNTING FLEX
  • 23601325 - 12.2.4 AFTER 23115501 FNDRXR PERFORMANCE STILL EXISTS
  • 24442779 - RBAC MODEL SETUP USAGES FOR MOBILE APPS
  • 25107367 - UNABLE TO ADD NEW MESSAGE TYPE FORMS PERSONALIZATION ACTIONS ON TOP PF EXISTING
  • 25190067 - AFTER 23601325 WHAT DOES CROSS-VALIDATION RULE VIOLATION REPORT (ENHANCED) DO?
  • 25242246 - FLEXFIELD VIEW GENERATOR GIVES SIGNAL 11 ERROR WHEN CREATE MORE 2656 CONTEXTS
  • 25381217 - AFTER PATCH 25107367 PERSNZN FORM DO YOU WANT TO SAVE THE CHANGES YOU HAVE MADE

Categories: APPS Blogs

STIGS, SCAP, OVAL, Oracle Databases and ERP Security

Last week’s unprecedented ransomware cyber attacks (http://preview.tinyurl.com/lhjfjgk) caught me working through some research on security automation. The cyber attacks evidently were attributed to an unpatched Windows XP vulnerability. When challenged with securing 1,000s of assets such as all the Windows desktops and Linux servers in an organization, automation quickly becomes a requirement.

Automation is increasingly coming up in our client conversations about how to secure the technology ‘stack’ supporting large ERP implementations such as the Oracle E-Business Suite, PeopleSoft, and SAP. For example, how do you, from a security professional perspective, communicate an objective risk assessment comprehensive of both the secure baseline configuration (control adherence/violation) and security patch levels (patched/unpatched CVEs) for the Linux operating systems, virtualization software, web server, database and the ERP application itself? Without automation, it is not feasible to promptly produce risk-based assessments of the complete technology stack and to produce results that are readily expressed in a common risk measurement (e.g. CVE) not requiring deep subject matter expertise.

Automation, however, can only be considered after requirements have been defined. I have long used Security Technical Implementation Guides (STIGs) in both my research and work with clients to define security requirements. STIGs are secure configuration standards developed by the US Department of Defense for products such as the Oracle RDBMS and are freely available (http://iase.disa.mil/stigs/Pages/index.aspx). While most clients do not need their databases hardened to military specifications, STIGs are an invaluable source of security best practice thinking.

STIGs (security checklists) are only available in XML format – not PDF files. DISA does provide a utility to view and work with STIGs (http://iase.disa.mil/stigs/Pages/stig-viewing-guidance.aspx) which allows you to manually execute the checklist, record your findings and then export the results. See this YouTube (https://www.youtube.com/watch?v=-h_lj5sWo4A) posting for a great summary of the STIG Viewer and how to use it.

Security Content Automation Protocol (SCAP)

To answer the question of how do you automate STIG and/or security checklists, again the Department of Defense has thought through the challenges and has created the Security Content Automation Protocol (SCAP).

SCAP is a multi-purpose framework to automate the security scanning of configurations, vulnerabilities, patch checking and compliance. SCAP content is developed by the National Institute of Standards and Technology (NIST) and the components are described in the table below. The key point is that SCAP security content (checklists) is free and that the SCAP content scanning tools are available both in open source and commercial options.

| SCAP Component | Description |
| --- | --- |
| eXtensible Checklist Configuration Description Format (XCCDF) | XML-based language for specifying checklists and reporting the results of checklist evaluations. |
| Open Vulnerability and Assessment Language (OVAL) | XML-based language for specifying test procedures to detect machine state |
| Common Vulnerabilities and Exposures (CVE) | Nomenclature and dictionary of security-related security flaws |
| Common Configuration Enumeration (CCE) | Nomenclature and dictionary of software security configuration issues |
| Common Vulnerability Scoring System (CVSS) | Methodology for measuring the relative security of software flaws |
| Open Checklist Interactive Language (OCIL) | XML-based language for specifying security checks that require human interaction or that otherwise cannot be bundled by OVAL |
| Asset Reporting Format (ARF) | Standardized data model for sharing information about assets to facilitate the reporting, correlating, and fusing of asset security information. |

OpenSCAP

There are many tools, Integrigy’s AppSentry included (https://www.integrigy.com/products/appsentry), that will perform a STIG scan of an Oracle database. The question I was researching this week is: could I use a single SCAP tool to automate the scanning of both the Linux server and the database as well as possibly ERP configurations for PeopleSoft and/or the Oracle E-Business Suite – and could I possibly do this with open source software?

The first tool I considered was OpenSCAP (https://www.open-scap.org/). This open source tool is easy to install either on your laptop or Linux database server and has remote scanning capabilities. The example below shows the capabilities of the GUI tool ‘SCAP Workbench’ and the freely available content that is installed by default for scanning a Linux server.

This exercise quickly confirmed that there is a great deal of security automation available for Linux system security configurations. Here, though, is where I hit a wall: could OpenSCAP work with Oracle databases? While the SCAP standards clearly showed support for scanning SQL database configurations using OVAL’s SQL probes (e.g. sql_test, sql57_test etc…), I may be corrected, but the standard build of OpenSCAP does not appear to include the SQL probes.

JOVAL

To obtain the SQL probes for SCAP scanning of database configurations, after some research, I obtained an evaluation copy of Joval Professional (http://jovalcm.com/). Joval describes themselves as allowing you to Scan anything from anywhere and to allow continuous configuration assessments for developers, enterprises, content authors and security professionals.

The installation of Joval Professional was quick and I was able to scan my laptop and remotely scan the remote Oracle Linux server without issues. The screen shot below shows the results of the remote scan of the Linux server running the Oracle RDBMS.

With a bit of experimentation (and great customer service from Joval), I was able to quickly prove I could develop OVAL content for automated SCAP scanning of Oracle databases, either for standard database security checks or for Oracle E-Business and/or PeopleSoft configurations. One key concern with the proof-of-concept is that the connection string hardcodes the user name and password. The hardcoding is certainly a security issue, but JOVAL (as well as OpenSCAP) offers Python bindings. The screen shot below is a single OVAL scan that included two SQL checks as well as checks against content in the sqlnet.ora file using the OVAL probe: textfilecontent54_test.

My OVAL definition is referenced below. I am providing it as an example for others. The key points you will need to know are for the JOVAL connection string for Oracle:

Engine:  oracle
Version values: 11.2.0, 11.1.0, 10.2.0, 10.1.0, 9.2.0, 9.0.1
Connection string (do not use JDBC syntax): user=<username>;password=<password>;SID=<instance name>
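
The hardcoded user name and password noted above can be kept out of the OVAL file itself. The following is an added example, not part of the original post and not Joval or OpenSCAP code: it flags literal passwords in `connection_string` elements and fills them in only at scan time. The `${ENV_VAR}` placeholder convention, object id, account name, SID and SQL are assumptions made for illustration.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET
from contextlib import contextmanager
from string import Template

OVAL_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
IND_NS = OVAL_NS + "#independent"
ET.register_namespace("", OVAL_NS)
ET.register_namespace("ind", IND_NS)

# Constructed sample fragment (not the post's benchmark file): one sql57_object
# using the engine, version and connection string format listed above.
OVAL_FRAGMENT = """<objects xmlns="%s">
  <sql57_object xmlns="%s" id="oval:com.example.ebs:obj:1" version="1">
    <engine>oracle</engine>
    <version>11.2.0</version>
    <connection_string>%%s</connection_string>
    <sql>SELECT value FROM v$parameter WHERE name = 'audit_trail'</sql>
  </sql57_object>
</objects>""" % (OVAL_NS, IND_NS)
HARDCODED = OVAL_FRAGMENT % "user=scan_ro;password=Sample#Pw1;SID=EBSDEV"
TEMPLATED = OVAL_FRAGMENT % (
    "user=${ORA_SCAN_USER};password=${ORA_SCAN_PASSWORD};SID=EBSDEV")

CONN_TAG = "{%s}connection_string" % IND_NS
PLACEHOLDER = re.compile(r"\$\{[A-Z_][A-Z0-9_]*\}")  # assumed convention


def parse_connection_string(text):
    """Split 'user=..;password=..;SID=..' into a dict with lower-case keys."""
    pairs = (p.split("=", 1) for p in text.strip().split(";") if "=" in p)
    return {key.strip().lower(): value for key, value in pairs}


def find_hardcoded_credentials(oval_xml):
    """Return [(object id, user)] for objects whose password is a literal.

    The password itself is never returned, so findings are safe to log.
    """
    findings = []
    for obj in ET.fromstring(oval_xml).iter():
        conn = obj.find(CONN_TAG)  # direct child of sql_object / sql57_object
        if conn is None or not conn.text:
            continue
        fields = parse_connection_string(conn.text)
        password = fields.get("password", "")
        if password and not PLACEHOLDER.fullmatch(password):
            findings.append((obj.get("id"), fields.get("user")))
    return findings


def render(oval_xml, env):
    """Fill ${VAR} placeholders inside <connection_string> elements only.

    Substituting across the whole document would trip over Oracle names such
    as v$parameter. A missing variable raises KeyError rather than producing
    a scan with an empty password, and ElementTree escapes characters such
    as & and < in the substituted values.
    """
    root = ET.fromstring(oval_xml)
    for conn in root.iter(CONN_TAG):
        conn.text = Template(conn.text or "").substitute(env)
    return ET.tostring(root, encoding="unicode")


@contextmanager
def private_scan_file(rendered_xml):
    """Write rendered content to an owner-only temp file, delete it after."""
    fd, path = tempfile.mkstemp(suffix=".xml")  # mkstemp creates mode 0600
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            handle.write(rendered_xml)
        yield path  # hand this path to the scanner for the duration of a run
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("literal passwords:", find_hardcoded_credentials(HARDCODED))
    print("templated file:", find_hardcoded_credentials(TEMPLATED))
    # Constructed values; in practice pass os.environ or a vault lookup.
    secrets = {"ORA_SCAN_USER": "scan_ro", "ORA_SCAN_PASSWORD": "Sample#Pw1"}
    with private_scan_file(render(TEMPLATED, secrets)) as scan_path:
        print("rendered for this run only:", scan_path)
```

Only the templated file belongs in version control; the rendered copy contains the credential and exists just for the length of the scan.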

If you want to replicate the proof-of-concept:

  1. Download a trial version of Joval Professional.
  2. Run a scan of your local laptop
  3. Run a remote scan of Linux server running your Oracle RDBMS
  4. Edit sample benchmark file (here) for your database
  5. Upload the edited sample benchmark into Joval
  6. Run the sample benchmark scan

What Next?

Having proven I can use OVAL to write Oracle and ERP audit checks, I will spend a bit more time expanding the POC. I am also interested in automation options for Joval and OpenSCAP exports to a NoSQL database such as MongoDB using the Asset Reporting Format (ARF) (https://scap.nist.gov/specifications/arf/). Both Joval and OpenSCAP have standard functionality to export results using ARF.

If you have any questions, please contact us at info@integrigy.com

-Michael Miller, CISSP-ISSMP, CCSP, CCSK

References

Sample Oracle OVAL benchmark definition: SCAP OVAL Example Check for Oracle

SCAP

NIST SCAP site: https://scap.nist.gov/

SCAP content: https://nvd.nist.gov/ncp/repository?scap

Oracle Linux Security Guide – Using OpenSCAP: https://docs.oracle.com/cd/E37670_01/E36387/html/ol-scap-sec.html

Great summary of SCAP: https://energy.gov/sites/prod/files/cioprod/documents/Technical_Introduction_to_SCAP_-_Charles_Schmidt.pdf

OVAL

Writing OVAL content: https://oval.mitre.org/documents/docs-07/Writing_an_OVAL_Definition.pdf

OVAL tutorial: https://nvd.nist.gov/scap/docs/conference%20presentations/workshops/OVAL%20Tutorial%202%20-%20%20Definitions.pdf

SCAP OVAL, Security Strategy and Standards, FISMA/DOD, Oracle Database, Oracle E-Business Suite
Categories: APPS Blogs, Security Blogs

Webcast: "TLS 1.2 Configuration for Oracle E-Business Suite"

Steven Chan - Mon, 2017-05-15 11:11

Oracle University has a wealth of free recorded webcasts for Oracle E-Business Suite.  If you're looking for an overview of how to set up TLS 1.2, see:

Elke Phelps, Senior Principal Product Manager, provides details regarding the deployment requirements when configuring TLS 1.2 with Oracle E-Business Suite 12.2 and 12.1.  Learn about key fundamentals for encrypting inbound, outbound and loopback connections in Oracle E-Business Suite, what prerequisite and configuration are required and what optional configurations are available.  Also provided is a TLS 1.2 configuration checklist that is beneficial in reviewing key configuration and prerequisite requirements. Basic knowledge of Oracle E-Business Suite architecture and security is assumed. This material was presented at Oracle OpenWorld 2016.

Categories: APPS Blogs

EBS 12.1 and 12.2 certified on IBM AIX 7.2

Steven Chan - Fri, 2017-05-12 15:35

I am pleased to announce that Oracle E-Business Suite Releases 12.1.3 and 12.2.3 (and later updates to those respective releases) are now certified on AIX 7.2, the latest operating system for the IBM AIX on Power Systems (64-bit) platform.

Installations of E-Business Suite on these operating systems require specific patches to the latest startCD prior to installing, followed by the application of the 12.1.3 RUP or the 12.2.3 RUP (or higher) for EBS 12.1 and 12.2 respectively. Cloning of existing EBS 12.1.3 or 12.2 environments to AIX 7.2 is also certified using the standard Rapid Clone process.

There are specific requirements to upgrade technology components such as the Oracle Database (to 11.2.0.4 or 12.1.0.2) and Fusion Middleware components as necessary. All requirements, known issues, patches needed, etc. are noted in the Installation and Upgrade Notes (IUN) below and must be reviewed and implemented.

The Certifications page ('Certify') on My Oracle Support is in the process of being updated with this information.

Categories: APPS Blogs

Reminder: Upgrade Microsoft Vista Desktops

Steven Chan - Thu, 2017-05-11 02:00
Microsoft ended support for Windows Vista on April 11, 2017.  The official support dates are published here:

Windows Vista is certified for desktop clients accessing the E-Business Suite today.  Our general policy is that we support certified third-party products as long as the third-party vendor supports them.  When the third-party vendor retires a product, we consider that to be an historical certification for EBS.

What can EBS customers expect after April 2017?

After Microsoft desupports Vista in April 2017:

  • Oracle Support will continue to assist, where possible, in investigating issues that involve Windows Vista.
  • Oracle's ability to assist may be limited due to limited access to PCs running Windows Vista.
  • Oracle will continue to provide access to existing EBS patches for Windows Vista.
  • Oracle will provide new EBS patches only for issues that can be reproduced on later operating system configurations that Microsoft is actively supporting (e.g. Windows 7, Windows 10)

What should EBS customers do?

Oracle strongly recommends that E-Business Suite customers upgrade their desktops from Windows Vista to the latest certified equivalents.  As of today, those are Windows 7, 8.1, and 10.

Categories: APPS Blogs

Revenue recognition transition adoption Options- Full or modified retrospective?

OracleApps Epicenter - Wed, 2017-05-10 12:13
The deadline for adoption of the new revenue recognition standards under ASC606 is fast approaching. Public companies need to adopt for fiscal years beginning in 2018 while private companies have until 2019. The changes in how to account for software and services can be significant, often requiring the break out of underlying performance elements that […]
Categories: APPS Blogs

Reminder: Extended Support for Oracle Portal Ends June 2017

Steven Chan - Wed, 2017-05-10 02:00

Extended Support for Oracle Portal 11gR1 (e.g. Portal 11.1.1.6) ends on June 30, 2017.  This is published in the Oracle Lifetime Support Policy for Fusion Middleware (PDF):

Migrating to Oracle WebCenter

If you're currently using Oracle Portal, you should upgrade to the terminal release: Portal 11.1.1.6.  

You should consider migrating to Oracle WebCenter Portal at your earliest convenience.

What can EBS customers expect after June 2017?

After Oracle Portal enters Sustaining Support on July 1, 2017:

  • Oracle Support will continue to assist, where possible, in investigating issues that involve Oracle Portal.
  • Oracle's ability to assist may be limited due to limited access to PCs running Oracle Portal.
  • Oracle will continue to provide access to existing EBS patches for Oracle Portal.
  • Oracle will provide new EBS patches only for issues that can be reproduced on Oracle WebCenter.

Categories: APPS Blogs

Certifications

Steven Chan - Tue, 2017-05-09 11:39
Categories: APPS Blogs

Oracle E-Business Suite APPS_NE Security Risks

The most recent version of the Oracle E-Business Suite, Release 12.2, introduces on-line patching to reduce downtime requirements. This new technical functionality is based on Edition-based redefinition provided by the Oracle 11gR2 database. For the E-Business Suite to make use of Editioning, Oracle has added a new schema to the ‘APPS’ family – the APPS_NE schema.

The APPS_NE schema is the owner of those objects previously owned by APPS that cannot be Editioned. In other words, APPS_NE is the APPS schema for the non-editioned database objects.

There are several security implications with regard to APPS_NE:

  • The same password must be shared among APPLSYS, APPS, and APPS_NE. The default password for APPS_NE is 'APPS.'
  • APPS_NE has elevated system privileges similar to those of APPS (e.g. SELECT ANY TABLE), but the two sets are not identical. See the listing below for the 56 privileges granted to APPS_NE.
  • APPS_NE must be logged, audited, and monitored just as you do APPS. APPS_NE needs to be added to your audit scripts and procedures as well as to your monitoring solutions.

The following lists summarize the system privilege differences between APPS and APPS_NE:

-- APPS_NE has 3 privileges APPS does not            
CREATE MATERIALIZED VIEW
CREATE SEQUENCE
DROP ANY TYPE

 

-- APPS has 18 privileges that APPS_NE does not
ALTER ANY PROCEDURE
ALTER DATABASE
ANALYZE ANY DICTIONARY
CHANGE NOTIFICATION
CREATE ANY DIRECTORY
CREATE ANY EDITION
CREATE ANY PROCEDURE
CREATE EXTERNAL JOB
CREATE JOB
CREATE PUBLIC DATABASE LINK
CREATE PUBLIC SYNONYM
DEQUEUE ANY QUEUE
DROP ANY EDITION
DROP ANY PROCEDURE
DROP PUBLIC SYNONYM
ENQUEUE ANY QUEUE
EXECUTE ANY TYPE
MANAGE ANY QUEUE

 

-- APPS_NE has 56 system privileges
ALTER ANY CLUSTER
ALTER ANY INDEX
ALTER ANY MATERIALIZED VIEW
ALTER ANY OUTLINE
ALTER ANY ROLE
ALTER ANY SEQUENCE
ALTER ANY TABLE
ALTER ANY TRIGGER
ALTER ANY TYPE
ALTER SESSION
ALTER SYSTEM
ANALYZE ANY
COMMENT ANY TABLE
CREATE ANY CLUSTER
CREATE ANY CONTEXT
CREATE ANY INDEX
CREATE ANY MATERIALIZED VIEW
CREATE ANY OUTLINE
CREATE ANY SEQUENCE
CREATE ANY SYNONYM
CREATE ANY TABLE
CREATE ANY TRIGGER
CREATE ANY TYPE
CREATE ANY VIEW
CREATE DATABASE LINK
CREATE MATERIALIZED VIEW
CREATE PROCEDURE
CREATE ROLE
CREATE SEQUENCE
CREATE SESSION
CREATE SYNONYM
CREATE TRIGGER
CREATE TYPE
CREATE VIEW
DELETE ANY TABLE
DROP ANY CLUSTER
DROP ANY CONTEXT
DROP ANY INDEX
DROP ANY MATERIALIZED VIEW
DROP ANY OUTLINE
DROP ANY ROLE
DROP ANY SEQUENCE
DROP ANY SYNONYM
DROP ANY TABLE
DROP ANY TRIGGER
DROP ANY TYPE
DROP ANY VIEW
EXECUTE ANY PROCEDURE
GLOBAL QUERY REWRITE
GRANT ANY ROLE
INSERT ANY TABLE
LOCK ANY TABLE
SELECT ANY SEQUENCE
SELECT ANY TABLE
UNLIMITED TABLESPACE
UPDATE ANY TABLE
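
The privilege comparison and the audit-coverage point above can be re-checked on your own instance with queries such as the following. This is an added example, not part of the original post; it assumes a session that can read the DBA_* dictionary views and that per-user auditing is configured with traditional (non-unified) audit options.

```sql
-- Added example (not from the original post).
-- Queries 1 and 2 compare direct grants only; privileges reaching
-- either account through a role appear in DBA_ROLE_PRIVS instead.

-- 1. System privileges granted to APPS_NE but not to APPS
SELECT privilege FROM dba_sys_privs WHERE grantee = 'APPS_NE'
MINUS
SELECT privilege FROM dba_sys_privs WHERE grantee = 'APPS'
ORDER BY 1;

-- 2. System privileges granted to APPS but not to APPS_NE
SELECT privilege FROM dba_sys_privs WHERE grantee = 'APPS'
MINUS
SELECT privilege FROM dba_sys_privs WHERE grantee = 'APPS_NE'
ORDER BY 1;

-- 3. APPS_NE privileges held WITH ADMIN OPTION (can be re-granted)
SELECT privilege
FROM   dba_sys_privs
WHERE  grantee = 'APPS_NE'
AND    admin_option = 'YES'
ORDER  BY privilege;

-- 4. APPLSYS, APPS and APPS_NE share one password, so their status,
--    profile and expiry should line up; investigate any mismatch.
SELECT username, account_status, profile, expiry_date
FROM   dba_users
WHERE  username IN ('APPLSYS', 'APPS', 'APPS_NE')
ORDER  BY username;

-- 5. Audit gap: statement audit options set for APPS that have no
--    matching entry for APPS_NE. Options set for all users
--    (USER_NAME is NULL) already cover both accounts.
SELECT audit_option, success, failure
FROM   dba_stmt_audit_opts WHERE user_name = 'APPS'
MINUS
SELECT audit_option, success, failure
FROM   dba_stmt_audit_opts WHERE user_name = 'APPS_NE';

-- 6. The same gap check for privilege audit options
SELECT privilege, success, failure
FROM   dba_priv_audit_opts WHERE user_name = 'APPS'
MINUS
SELECT privilege, success, failure
FROM   dba_priv_audit_opts WHERE user_name = 'APPS_NE';
```

Rows returned by queries 5 and 6 are audit settings that exist for APPS but were never extended to APPS_NE.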

 

If you have any questions, please contact us at info@integrigy.com

-Michael Miller, CISSP-ISSMP, CCSP, CCSK

Oracle E-Business Suite
Categories: APPS Blogs, Security Blogs

Revenue Standard : Approach to transition to the new standard

OracleApps Epicenter - Tue, 2017-05-09 04:36
Question : Is there an approach to transition to the new accounting standard? A: The standard states that the methods to transition to the new standards are as follows: Entities are permitted to apply the new revenue standard either retrospectively subject to some practical expedients (that is, to restate prior periods for a consistent basis […]
Categories: APPS Blogs

Quarterly EBS Upgrade Recommendations: May 2017 Edition

Steven Chan - Tue, 2017-05-09 02:00

We've previously provided advice on the general priorities for applying EBS updates and creating a comprehensive maintenance strategy.   

Here are our latest upgrade recommendations for E-Business Suite updates and technology stack components.  These quarterly recommendations are based upon the latest updates to Oracle's product strategies, latest support timelines, and newly-certified releases.

You can research these yourself using this Note:

Upgrade Recommendations for May 2017

Check your EBS support status and patching baseline

  • EBS 12.2: Apply the minimum 12.2 patching baseline (EBS 12.2.3 + latest technology stack updates listed below). In Premier Support to September 30, 2023.
  • EBS 12.1: Apply the minimum 12.1 patching baseline (12.1.3 Family Packs for products in use + latest technology stack updates listed below). In Premier Support to December 31, 2021.
  • EBS 12.0: In Sustaining Support. No new patches available. Upgrade to 12.1.3 or 12.2. Before upgrading, 12.0 users should be on the minimum 12.0 patching baseline.
  • EBS 11.5.10: In Sustaining Support. No new patches available. Upgrade to 12.1.3 or 12.2. Before upgrading, 11i users should be on the minimum 11i patching baseline.

Apply the latest EBS suite-wide RPC or RUP

  • EBS 12.2: 12.2.6 (Sept. 2016)
  • EBS 12.1: 12.1.3 RPC5 (Aug. 2016)
  • EBS 12.0: 12.0.6
  • EBS 11.5.10: 11.5.10.2

Use the latest Rapid Install

  • EBS 12.2: StartCD 51 (Feb. 2016)
  • EBS 12.1: StartCD 13 (Aug. 2011)
  • EBS 12.0: 12.0.6
  • EBS 11.5.10: 11.5.10.2

Apply the latest EBS technology stack, tools, and libraries

  • EBS 12.2: AD/TXK Delta 9 (Apr. 2017); FND (Aug. 2016); EBS 12.2.5 OAF Update 12 (May 2017); EBS 12.2.4 OAF Update 15 (Mar. 2017); ETCC (May 2017); Web Tier Utilities 11.1.1.9; Daylight Savings Time DSTv28 (Nov. 2016)
  • EBS 12.1: 12.1.3 RPC5; OAF Bundle 5 (Jun. 2016); JTT Update 4 (Oct. 2016); Daylight Savings Time DSTv28 (Nov. 2016)

Apply the latest security updates

  • EBS 12.2: Apr. 2017 Critical Patch Update; SHA-2 PKI Certificates; SHA-2 Update for Web ADI & Report Manager; Migrate from SSL or TLS 1.0 to TLS 1.2; Sign JAR files
  • EBS 12.1: Apr. 2017 Critical Patch Update; SHA-2 PKI Certificates; SHA-2 Update for Web ADI & Report Manager; Migrate from SSL or TLS 1.0 to TLS 1.2; Sign JAR files
  • EBS 12.0: Oct. 2015 Critical Patch Update
  • EBS 11.5.10: April 2016 Critical Patch Update

Use the latest certified desktop components

  • EBS 12.2: Use the latest JRE 1.8, 1.7, or 1.6 release that meets your requirements; Switch to Java Web Start; Upgrade to IE 11; Upgrade to Firefox ESR 52; Upgrade Office 2003 and Office 2007 to later Office versions (e.g. Office 2016); Upgrade Windows XP and Vista and Win 10v1507 to later versions (e.g. Windows 10v1607)
  • EBS 12.1: Use the latest JRE 1.8, 1.7, or 1.6 release that meets your requirements; Switch to Java Web Start; Upgrade to IE 11; Upgrade to Firefox ESR 52; Upgrade Office 2003 and Office 2007 to later Office versions (e.g. Office 2016); Upgrade Windows XP and Vista and Win 10v1507 to later versions (e.g. Windows 10v1607)

Upgrade to the latest database

  • EBS 12.2: Database 11.2.0.4 or 12.1.0.2
  • EBS 12.1: Database 11.2.0.4 or 12.1.0.2
  • EBS 12.0: Database 11.2.0.4 or 12.1.0.2
  • EBS 11.5.10: Database 11.2.0.4 or 12.1.0.2

If you're using Oracle Identity Management

  • EBS 12.2: Upgrade to Oracle Access Manager 11.1.2.3; Upgrade to Oracle Internet Directory 11.1.1.9
  • EBS 12.1: Migrate from Oracle SSO to OAM 11.1.2.3; Upgrade to Oracle Internet Directory 11.1.1.9

If you're using Oracle Discoverer

  • EBS 12.2: Migrate to Oracle Business Intelligence Enterprise Edition (OBIEE), Oracle Business Intelligence Applications (OBIA). Discoverer 11.1.1.7 reaches End of Life June 2017.
  • EBS 12.1: Migrate to Oracle Business Intelligence Enterprise Edition (OBIEE), Oracle Business Intelligence Applications (OBIA). Discoverer 11.1.1.7 reaches End of Life June 2017.

If you're using Oracle Portal

  • EBS 12.2: Migrate to Oracle WebCenter 11.1.1.9
  • EBS 12.1: Migrate to Oracle WebCenter 11.1.1.9 or upgrade to Portal 11.1.1.6 (End of Life Jun. 2017).

Categories: APPS Blogs

New OA Framework 12.2.5 Update 12 Now Available

Steven Chan - Mon, 2017-05-08 02:00

Web-based content in Oracle E-Business Suite Release 12 runs on the Oracle Application Framework (also known as OA Framework, OAF, or FWK) user interface libraries and infrastructure. Since the initial release of Oracle E-Business Suite Release 12.2 in 2013, we have released a number of cumulative updates to Oracle Application Framework to fix performance, security, and stability issues.

These updates are provided in cumulative Release Update Packs, and cumulative Bundle Patches that can be applied on top of the Release Update Packs. In this context, cumulative means that the latest RUP or Bundle Patch contains everything released earlier.

The latest OAF update for Oracle E-Business Suite Release 12.2.5 is now available:

Where is this update documented?

Instructions for installing this OAF Release Update Pack are in the following My Oracle Support knowledge document:

Who should apply this patch?

All Oracle E-Business Suite Release 12.2.5 users should apply this patch.  Future OAF patches for EBS Release 12.2.5 will require this patch as a prerequisite. 

What's new in this update?

This bundle patch is cumulative: it includes 39 fixes in total, including all fixes released in previous EBS Release 12.2.5 bundle patches.

This latest bundle patch includes fixes for the following bugs/issues:

  • A favorite link to a destination outside Oracle E-Business Suite that was added to open in a new browser window opens in the same window from the Framework Simplified Home page.
  • A trusted domain URL, such as a UIX/Cabo URL, redirects to an untrusted site when a malicious URL is framed.

Categories: APPS Blogs

May 2017 Update to E-Business Suite Technology Codelevel Checker (ETCC)

Steven Chan - Mon, 2017-05-08 02:00

The E-Business Suite Technology Codelevel Checker (ETCC) tool helps you identify application or database tier bugfixes that need to be applied to your Oracle E-Business Suite Release 12.2 system. ETCC maps missing bugfixes to the default corresponding patches, and displays them in a patch recommendation summary.

What’s New

ETCC has been updated to include bug fixes and patching combinations for the following software:

Recommended Versions

  • April 2017 Database 12.1.0.2 PSU and Proactive Bundle Patch
  • April 2017 Database 11.2.0.4 PSU and Engineered Systems Patch
  • Microsoft Windows Bundle Patch 12.1.0.2.170228

Minimum Versions

  • January 2017 Database 12.1.0.2 PSU and Proactive Bundle Patch
  • October 2016 Database 11.2.0.4 PSU and Engineered Systems Patch

Obtaining ETCC

We recommend always using the latest version of ETCC, as new bugfixes will not be checked by older versions of the utility. The latest version of the ETCC tool can be downloaded via Patch 17537119 from My Oracle Support.

Categories: APPS Blogs
