Various solutions may be used to create intersystem business processes. The trusted relationships or Single Sign-on (SSO) between PeopleSoft systems allow minimizing the authentication requirements. If the calling PeopleSoft system (Node) accepts the called system as trusted, the password won’t be required.
As a matter of urgency, Oracle has released 5 patches addressing severe vulnerabilities identified by the ERPScan team. The most critical of them have the highest CVSS base score of 9.9 and even 10.0 and may be exploited over a network without the need for a valid username and password. The issues affect the Jolt server within Oracle Tuxedo as the main component of numerous Oracle’s products. One of the products that use this component is Oracle PeopleSoft. By exploiting these vulnerabilities, an attacker can gain full access to all data stored in the following ERP systems:
The SAP threat landscape is always expanding thus putting organizations of all sizes and industries at risk of cyberattacks. The idea behind SAP Cyber Threat Intelligence report is to provide an insight into the latest security threats and vulnerabilities.
PeopleSoft has multiple functional opportunities, which are implemented through programs, transactions, and reports. An access to these objects should be strictly regulated by defining user profiles, roles and permission lists as the access to critical actions (e.g. access to modify data or to read any tables) enables users to attack PeopleSoft systems in order to steal critical data or escalate their privileges.
This is the final article of “GDPR for SAP” series devoted to implementation of GDPR requirements in SAP environments. Today we’ll review a number of ways provided by SAP to monitor access to personal data in SAP systems.
This article is the beginning of a series of articles “SAP HANA for Dummies” devoted to the review of the main features and security issues of SAP HANA. We will consider the key aspects of the system itself, its security and also we will pay attention to vulnerabilities of its several modules.
We continue to familiarize you with PeopleSoft security aspects and share the latest research directly from our lab, hot and tasty. The topic of today’s research is …
Passwords! Right, it’s a never-ending topic. I will describe how to decrypt PeopleSoft application-specific passwords for fun and profit.