In 6.6.148 InsightVM added coverage for Oracle E-Business Suite scanning. Our EBS administrator is asking for documentation on what it scans. They also want to know what library the scan engine uses to determine if something is vulnerable.
Is there any additional documentation on the EBS scanning coverage?
For fingerprinting EBS, valid Oracle Database credentials are needed. We then access the APPS Schema, along with a number of tables (find_product_installations, ad_bugs, find_product_groups, find_application_all_view) to determine what components are installed, along with the current CPU version, and other patches that may be installed.
We generate content from Oracle EBS advisories, and compare these the the fingerprinted components to trigger content, similar to any other vulnerability content.
Are there specifc instructions on setting up credentialed patch checks for Oracle E-Business Suite? I have found this - but need more: InsightVM Release Notes.