Contact us today.

Subscribe me to your mailing list

Author: Research Team

EAS-SEC. Oracle PeopleSoft Security Configuration. Part 5: Open remote management interfaces

In most cases, enterprise applications provide functionality for remote administration of the systems as well as access to various technical services. Such services can be available for connection from the Internet, and, in case of unsafe settings, be remotely managed without any authentication procedure.

PeopleSoft applications are integrated, and most of the remote configuration is performed in Portal by a user with certain privileges. However, there also may be the ability to interact with the PeopleSoft Servlets by sending to them certain commands.
Read more..

More than 1000 PeopleSoft applications are exposed to the Internet. What are the risks?

Oracle PeopleSoft is widely implemented in midsize companies and large enterprises (many from the Fortune 100) in various industries to manage resources. This software is also in use at Governmental and Higher education institutions.

PeopleSoft Suite includes Human Capital Management, Financial Management, Supplier Relationship Management, Supply Chain Management, and other applications. No need to say that these applications store and manage sensitive business-critical data.

A common misbelief is that enterprise software is not running on a public-facing network. Nonetheless, we conducted a scan that revealed there are more than 1000 unique PeopleSoft apps accessible via the Internet.
Read more..