Industry’s first vulnerability management solution for Oracle PeopleSoft
At a recent BlackHat security conference in Las Vegas, where the latest unique
research is published every year, researchers from ERPScan presented the first and only report on
vulnerabilities in Oracle PeopleSoft. ERPScan CTO Alexander Polyakov and Director of Consulting Dr.
Alexey Tyurin presented a workshop featuring new techniques of security assessment for business systems
including Oracle PeopleSoft, which is used in many big companies.
Oracle PeopleSoft software is a combination of supply chain, human resources,
supplier relationship management, and much more. This software is installed by 6000+ customers (57 % of
Fortune 100 list) and serves 20 million employees worldwide. Providing an attacker with an opportunity
to steal the personal data of more than 20 million people is very easy because most PeopleSoft
applications are connected to the Internet for providing access to suppliers. Simple Google search
strings can find about 500 internet-enabled PeopleSoft applications. Shodan requests will show much
Multiple vulnerabilities found in this system by different researchers, including
unique research by the ERPScan team, can allow third parties to get full access to the system and obtain
critical HR or supplier data, social security numbers, probably even credit card data. Not only is it
possible to steal data, but also to cause denial of service or modify financial information such as bank
Because of their extreme complexity and customization, Oracle’s PeopleSoft
applications that store key business data are vulnerable to many attacks. Until now, there were no
solutions on the market which could address vulnerabilities in Oracle PeopleSoft applications. Meet
ERPScan add-on for PeopleSoft – the industry’s first vulnerability management solution for Oracle
PeopleSoft applications and components.
How can we help?
We are introducing a new add-on to our flagship product ERPScan Security Monitoring
Suite, an award-winning solution with 360° protection against cyber-attacks and internal fraud. It is
easy to implement, able to perform gap analysis within one minute, powerful, customizable, and equipped
with a plethora of advanced settings. ERPScan is specifically designed for enterprise systems to
continuously monitor the state of security in multiple SAP and Oracle business applications. It makes
identifying threats an easy process, helps management with smart dashboards, is capable of high-level
trend analysis, risk management, and task delegation. It allows report generation in multiple formats
and easily integrates with IT GRC and SIEM solutions.
Our customers enjoy central management of business applications security with
minimal time and effort.
The current add-on supports security checks for Oracle PeopleSoft application stack
including Oracle WebLogic and Oracle Database.
- Unique. The only solution on the market to address Oracle
PeopleSoft security checks
- Decrease OPEX. Extremely fast scans in less than 5 min save
- Cloud and SaaS support. Implement ERPScan as a virtual
appliance or run it as a service
- Enterprise. Continuous monitoring of vast landscapes (quickly
implemented, easy to use, scalable)
- Detailed. Largest database of Oracle PeopleSoft issues
- Agentless. Does not require any agents or modification of
- Risk management. Accept, modify, prioritize risks and export
them into GRC solutions
- Task management. Assign tasks or export them to GRC and ITSM
- User management. Create users, assign roles and access rights
- Project management. Schedule multiple projects against
different systems using different templates
- Notification management. Be notified when something is
- Template management. Create your own scan templates which fit
your policies or choose from predefined
- Reports. Generate reports in multiple formats or export
results to GRC or SIEM solutions
- High-level statistics and trend analysis. 30+ CISO dashboards
to analyze trends