Alert for March 2020

Over recent months we have seen a significant rise in the number of high-scoring/critical security vulnerabilities addressed in the Oracle PeopleSoft patches. We have seen many attempted and actual attacks on the PeopleSoft install base. It is therefore imperative that PeopleSoft users are running a supported PeopleTools version that is fully patched.

Patching – What’s the latest? 

On January 15th Oracle published the quarterly Critical Patch Update Advisory. Did you know that 2 of the vulnerabilities are classed as ‘Critical’ (scoring 9.8 out of 10) and 3 are classed as ‘Very High’ (scoring between 7 – 9)? In total, there were 15 vulnerabilities identified in the following PeopleSoft products and up to 38 depending on your version of WebLogic:

| Product | Total |
|---|---|
| PeopleTools 8.56 & 8.57 | 13 |
| PeopleSoft Common Components for 9.1 & 9.2 | 1 |
| PeopleSoft HCM 9.2 | 1 |
| WebLogic (across multiple versions) | 38 |

Furthermore, PeopleTools 8.56 is already out of platform and fix support, but Oracle will continue to provide CPU support up to October 2020.

What does this mean?

There are several vulnerabilities in the critical and very high categories, and many of these can be exploited without requiring user credentials. The high-scoring vulnerabilities are also classified as posing a high risk to confidentiality. Confidentiality is defined as “There is total information disclosure, providing access to any / all data on the system. Alternatively, access to only some restricted information is obtained, but the disclosed information presents a direct, serious impact.”

What can we do to help? 

We understand that BAU and project work can get in the way of applying these fixes. If you find yourself in this situation, we have a team of highly experienced PeopleSoft consultants who are able to engage quickly with you to apply these patches and/or upgrade PeopleTools, providing you with a rapid fix without disrupting your present business commitments.

PeopleSoft Experts

If you need any help with assessing the risks to your PeopleSoft environment, or if you need assistance in applying these patches, then please reach out to our specialist team in Version 1. The Version 1 PeopleSoft team are one of the most experienced teams in Europe. Please do not hesitate to reach out to us if you would like to talk about any of the above or about our wider services in: PeopleSoft HCM (HR) & Global Payroll, PeopleSoft Financials, PeopleSoft Training, PeopleSoft Managed Services and PeopleSoft in the Cloud.