If I can do it, you can too… and I truly believe this. In this post I am going to cover what Oracle Fusion Middleware (FMW) is, why I learnt it, and what and how you should learn it too. Before I tell more about FMW, for those who don’t know me, 16 Years ago, […]
No, Oracle security vulnerabilities didn’t just get a whole lot worse this quarter. Instead, Oracle updated the scoring metric used in the Critical Patch Updates (CPU) from CVSS v2 to CVSS v3.0 for the April 2016 CPU. The Common Vulnerability Scoring System (CVSS) is a generally accepted method for scoring and rating security vulnerabilities. CVSS is used by Oracle, Microsoft, Cisco, and other major software vendors.
As we have discussed previously, CVSS v2 did score Oracle security vulnerabilities for the database, middleware, and applications lower than operating system and network component vulnerabilities. Contrary to what many security researchers claim, the problem is with the CVSS standard, not manipulation of the scores by Oracle. CVSS v2 puts a premium on the ability to compromise the entire operating system (i.e., root account) or device. For most Oracle security vulnerabilities, across all products, it is very difficult to compromise the root operating system account by exploiting an Oracle Database, Fusion Middleware, or application (Oracle E-Business Suite, PeopleSoft, etc.) security bug. There are some exceptions, mostly limited to the Oracle Database running on Microsoft Windows Server, which allow compromise of the administrator account.
To account for this limitation in CVSS, Oracle included in the CPU advisory matrices for informational purposes only a “Partial+” to indicate where the entire database, middleware server, or application could be compromised. However, this was not reflected in the score since the CVSS standard says a “Complete” impact “… is total information disclosure, resulting in all system files being revealed.” As a result, Oracle CVSS v2 scores for critical or severe bugs tended to be 6.5 for the Oracle Database, 7.5 for Fusion Middleware, and 6.4 for applications like the Oracle E-Business Suite and PeopleSoft.
CVSS v3.0 changes the scoring to put more of an emphasis on the asset or component being protected (i.e., database or application). The key CVSS definition has changed from “system” to “impacted component.” The scoring algorithm also includes more granularity for the privileges required to exploit and for the scope of the exploit, such as whether a database attack can compromise the underlying operating system.
The Oracle CVSS v3.0 scores will be much higher now, especially for the Fusion Middleware and applications like Oracle E-Business Suite and PeopleSoft. Critical Fusion Middleware security bugs will rise from 7.5 to 9.8. Oracle E-Business Suite and PeopleSoft critical security bugs like unauthenticated SQL injection will jump from 6.4 to 9.8. As almost all Oracle Database security bugs require database authentication, the Oracle Database CVSS scores will go from 6.5 to 8.8 for easy to exploit SQL injection vulnerabilities in PUBLIC packages.
The critical risk associated with most Oracle security vulnerabilities is still critical. Now the CVSS score properly reflects the critical nature of many of these bugs.
Oracle E-Business Suite 11i is impacted by 8 security vulnerabilities in the April 2016 CPU, which includes the Oracle Configurator and Oracle Complex Maintenance, Repair, and Overhaul security bugs listed under the Oracle Supply Chain Products Suite.
Starting with the April 2016 Critical Patch Update (CPU), Oracle E-Business Suite 11i security patches are only available for Oracle customers with Tier 1 Support contracts, previously referred to as Advanced Customer Support (ACS). Tier 1 Support must be purchased and is an additional fee on top of standard Oracle maintenance. Optional Tier 1 Support will include CPU security patches through October 2016.
CPU information for 11i has been moved from the standard quarterly CPU My Oracle Support (MOS) note for Oracle E-Business Suite to MOS Note ID 2126170.1 “Oracle E-Business Suite Release 11i Critical Patch Update Knowledge Document (For Oracle E-Business Suite 11i Tier 1 Support Customers).”
For more information on CPU support for 11i, please see MOS Note ID 1596629.1 “ANNOUNCEMENT: Additional Coverage Options for 11.5.10 E-Business Suite Sustaining Support.”
As an alternative to Oracle Tier 1 Support or as an additional layer of defense for Oracle E-Business Suite 11i, Integrigy’s web application firewall for Oracle E-Business Suite, AppDefend, provides virtual patching of Oracle E-Business Suite web security vulnerabilities, web application attack surface reduction, and protection from SQL injection and cross-site scripting (XSS) attacks.
We’re just two days away from the start of Collaborate and there are so many sessions I want to get to. My focus is on Financial Applications, both Cloud and E-Business Suite. I already listed sessions where you can find me presenting, but here are ones I think will be interesting. I will attend as many as I can.
Firstly, two cloud customers (Alex Lee and Westmont Hotels) talking about their experiences implementing cloud financials.
Monday April 11th 12:45 PM–1:45 PM – South Seas J
Derrick Walters, Corporate Applications Manager at Alex Lee
How Westmont Hospitality Benefited by Leveraging Cloud ERP
3:15 PM–4:15 PM Apr 11, 2016 – South Seas I
Sacha Agostini Oracle Functional Consultant at Vigilant Technologies, LLC.
Next some AGIS, Legal Entity and related topics on E-Business suite. In these areas that have been out for some time, I generally learn something about innovative uses of the products. Our partners and customers are very smart.
Intracompany, Intercompany, AGIS – Unraveling the Mysteries!
2:15 PM–3:15 PM Apr 10, 2016 – South Seas A
Bharati Manjeshwar Ms at Highstreet IT Solutions, LLC
Thomas Simkiss Vice-President of Consulting at Denovo Ventures, LLC
It’s Not too Late! How to Replace Your eBTax Solution After You Have Upgraded
10:30 AM–11:30 AM Apr 11, 2016 – South Seas I
Mr Andrew Bohnet Director at eBiz Answers Ltd
3:30 PM–4:30 PM Apr 10, 2016 – Jasmine H
Bharati Manjeshwar Ms at Highstreet IT Solutions, LLC
Finally, there are sessions called Power Hours, which are strangely two hours, but I really liked the experience last year and, based on the fact they are back, I assume others did too. They are not a traditional lecture format; they are more interactive and allow people to discuss their experiences and learn from each other. If you have not tried one, I highly recommend them. Here are a couple that jumped out at me:
Power Hour – Coexistence – On Premise and Cloud Together and In Harmony
3:15 PM–5:30 PM Apr 11, 2016 – Mandalay Bay C
Mohan Iyer Practice Director at Jade Global, Inc.
Power Hour – eBTax Hacks – Your Questions Answered
9:15 AM–11:45 AM Apr 12, 2016 – Mandalay Bay C
Mr Andrew Bohnet Director at eBiz Answers Ltd
Alexander Fiteni President at Fiteni Enterprises Inc
Dev Singh Manager at KPMG LLP Canada
Power Hour – Master Data Structures in EBS and Cloud
12:45 PM–3:00 PM Apr 11, 2016 – Mandalay Bay C
Mohan Iyer Practice Director at Jade Global, Inc.
This post is related to Installation of Oracle E-Business Suite R12 (12.2 in specific) where you use StartCD to start Installation of Oracle E-Business Suite from root user. If you are looking for steps to install Oracle E-Business Suite R12 then look at Atul’s post on R 12.2 installation here Every now and then Oracle […]
The post Oracle Apps DBA :Installing EBS 12.2 ? Check this post appeared first on Oracle Trainings for Apps & Fusion DBA.
The OAUG Collaborate conference kicks off in Las Vegas on Sunday April 10th. This conference is organized by Oracle user groups and is packed with content from customers and partners, and Oracle has some sessions too. If you follow this blog you will know I am a big fan of the conference. I learn a lot from our customers and try to give back as much as I can by sharing information and answering questions. The Twitter conversations are already starting; follow #C16LV now and certainly during conference week to see what people are talking about.
I will be presenting a session on Accounting Hub Reporting Cloud Service for Oracle E-Business Suite
1:00 PM–2:00 PM Apr 12, 2016 – South Pacific I
Register now for that one, I will leave plenty of time for questions because this cloud service is generating a lot of buzz.
I will also be at the OAUG GL SIG Meeting
3:00 PM–4:00 PM Apr 13, 2016 – South Seas J
I’m also planning to attend Meet the Experts: Oracle E-Business Suite Financials
2:15 PM–3:15 PM Apr 12, 2016 – Breakers G
I will help take questions, you can decide if that qualifies me as an expert or not.
I’ll also be attending Oracle E-Business Suite and Oracle Cloud Solutions: Update, Strategy and Roadmap
Nadia Bendjedou, Sr. Director, Product Strategy, Oracle
Monday, April 11, 2:00 – 3:00 PM – Banyan A
I am combing through the sessions to identify others that I want to go to and learn from, I will share those later, watch this space.
Architecture in Oracle EBS R12.2 changed and Oracle introduced WebLogic Server. This was covered by Atul in his previous post on changes in EBS12.2. WebLogic Server contains Admin Server in a Domain and you use script adadminsrvctl to start Admin Server in Oracle EBS Domain. You need username/password to start/boot Admin Server and this […]
This post is series of Oracle Database 12c new features, check out our previous post on Five New Features in Oracle Database 12c for DBAs : Part I here The Oracle 12C means different things to different people. It all depends on which areas you are looking at, as there are improvements in many areas. Summarized […]
The post Next Five New Features in Oracle Database 12c for DBAs : Part II appeared first on Oracle Trainings for Apps & Fusion DBA.
This post is series of Oracle Database 12c new features, If you are new to PDB & CDB and challenges encountered in database consolidation then look at post here In this article, I shall be extensively exploring some of the very important new additions/enhancements introduced in Oracle Database 12c in the area of Database Administration, […]
The post Five New Features in Oracle Database 12c for DBAs : Part1 appeared first on Oracle Trainings for Apps & Fusion DBA.
Recently, one of our trainees came across an error when he was trying to drop an RCU schema: the prerequisite “Oracle Platform Security services” failed. In this post, we will cover how to find what the error is and how to resolve this issue, but before that one should know what RCU is. RCU: Repository Creation […]
The post RCU-6083 : Failed Drop/Remove Schema using RCU : Prerequisite OPSS failed appeared first on Oracle Trainings for Apps & Fusion DBA.
Please attend, if you are coming to OAUG Collaborate.
With the launch of database 12c in 2013, Oracle introduced a new architectural concept called Multi-Tenancy, where you have a Container Database (CDB) and Pluggable Database (PDB). To explain I included video from Tom Kyte & Randy Urbano where Tom discuss about Pluggable Databases and challenges in Database Consolidation. Randy explains Architecture of PDB/CDB and […]
Every day we get emails/messages from college graduates asking about the Oracle DBA role. In our discussions, one thing that is common with most of the candidates is not getting enough interview calls even after submitting CVs. We go through a lot of CVs on a daily basis for our internal team/clients and the main reason behind why we think […]
FAHRCS (pronounced farks) is the de facto acronym for the officially titled Accounting Hub Reporting Cloud Service. It stands for Fusion Accounting Hub Reporting Cloud Service, which is quite difficult to say. I have got pretty good at saying F.A.H.R.C.S quickly, but I think “farks” is probably the easiest.
If you are wondering what FAHRCS actually is, you can follow @FAHRCS on twitter, or check out https://cloud.oracle.com/en_US/accounting-hub-reporting-cloud for official documentation.
I’ll be presenting about it at the Higher Education User Group Conference, Alliance16 in March and again at OAUG Collaborate16 in April. So I hope to see you there and help you learn more about FAHRCS.
This post covers 10 things an Oracle Apps DBA or SOA Administrator must know to install/deploy and configure Oracle SOA / BPM 12c. If you are new to Oracle Fusion Middleware or WebLogic Server, I suggest you go through my previous post on WebLogic Domain – Admin, Managed Server and Cluster or go through my […]
As Oracle ACE Atul Kumar has opened his next Oracle Fusion Middleware (FMW) Training course (next batch starts on 5th March 2016), I thought we should cover Fusion Middleware 12c new features in this post. Over the next few months, we’ll be adding more and more FMW 12c features & Hands-On Exercises related to SOA/OHS 12c in this […]
The post Oracle Fusion Middleware 12c (12.2.1) New Features – WebLogic appeared first on Oracle Trainings for Apps & Fusion DBA.
Oracle Fusion Middleware transformed my career and now you have an opportunity to change yours, I’m working on Oracle Middleware since 2003-2004 (from 3.0.9 portal to 9iAS) but learning Oracle Fusion Middleware 10g/11g components like WebLogic, OHS, SOA, OBIEE, WebCenter etc.. completely transformed my Career. With Oracle’s acquisition of BEA and incorporating WebLogic Server […]