Finit Blog

Oracle 11.1.2.4 Patch

Written by Finit | May 31, 2019 7:06:27 PM

Oracle EPM 11.1.2.4 Patch

Some of the underlying technologies employed by Oracle within their EPM application suite are quite out of date, are falling out of support, and are the source of potential security vulnerabilities. The most notable of these are WebLogic and Java, the technologies running on the EPM servers to handle application processing for much of the EPM system. 

We recently became aware of a serious security vulnerability in WebLogic whereby a hacker can take control of a server and potentially install programs, view, change, or delete data. Additional details on this issue can be found here: https://www.zdnet.com/article/new-oracle-weblogic-zero-day-discovered-in-the-wild/

To address this, Oracle has released a security patch for WebLogic 10.3.6  which we are recommending all 11.1.2.4 customers install. In addition, as of December 2018, Java release 6 has had its Extended Support expire:

 

By default, this version is utilized by the Oracle EPM applications on the servers. Oracle has certified the use of Java 7 with EPM 11.1.2.4 – and we are recommending the migration to the slightly more recent version which is still on extended support.

Not only will these patches help secure your system, but they are required to support connectivity with recent and forthcoming updates to the Oracle Cloud. Hybrid environments will need to utilize newer versions of encryption when connecting from on-premise FDMEE installations to cloud-based solutions by Oracle.

Here is an excerpt from a recent Oracle Cloud Readiness document: “Starting with the May 2019 update (Release 19.05) to EPM Services, Oracle will support only Transport Layer Security protocol version 1.2 (TLS 1.2) to communicate with EPM Cloud. To ensure the highest level of authentication and data encryption security, TLS 1.0 and TLS 1.1 will no longer be supported after your environments are updated on May 3, 2019.”

These two patches will further help extend the life of your Oracle EPM installation, therefore, we believe they should be employed as soon as possible.

Please contact our team to discuss how Finit is uniquely equipped to help with this patch support@finit.com