
Research Team

PeopleSoft JOLTandBLEED Vulnerability

As a matter of urgency, Oracle has released 5 patches addressing severe vulnerabilities identified by the ERPScan team. The most critical of them have the highest CVSS base scores of 9.9 and even 10.0 and may be exploited over a network without the need for a valid username and password. The issues affect the Jolt server within Oracle Tuxedo, a core component of numerous Oracle products. One of the products that use this component is Oracle PeopleSoft. By exploiting these vulnerabilities, an attacker can gain full access to all data stored in the following ERP systems:

EAS-SEC. Oracle PeopleSoft Security Configuration. Part 8: Access control and SoD conflicts

PeopleSoft offers a wide range of functionality, implemented through programs, transactions, and reports. Access to these objects should be strictly regulated by defining user profiles, roles and permission lists, because access to critical actions (e.g. the ability to modify data or to read any table) enables users to attack PeopleSoft systems in order to steal critical data or escalate their privileges.

SAP HANA for Dummies

This article is the first in the series “SAP HANA for Dummies”, devoted to a review of the main features and security issues of SAP HANA. We will consider the key aspects of the system itself and its security, and we will also pay attention to vulnerabilities in several of its modules.

ABAP Code Injection

We continue describing the categories from the list discussed in our Introduction to Secure ABAP Development Guide, turning now to “Injections”, a type of vulnerability that occurs when an application performs no or inadequate validation of user input. An attacker can inject malicious data and thereby perform unintended actions in the system. Such a vulnerability may result in the major SAP risks (Espionage, Sabotage, and Fraud).