In 6.6.148 InsightVM added coverage for Oracle E-Business Suite scanning. Our EBS administrator is asking for documentation on what it scans. They also want to know what library the scan engine uses to determine if something is vulnerable.
Is there any additional documentation on the EBS scanning coverage?
Hi @frye
For fingerprinting EBS, valid Oracle Database credentials are needed. We then access the APPS Schema, along with a number of tables (find_product_installations, ad_bugs, find_product_groups, find_application_all_view) to determine what components are installed, along with the current CPU version, and other patches that may be installed.
We generate content from Oracle EBS advisories, and compare these the the fingerprinted components to trigger content, similar to any other vulnerability content.
I hope this helps.
Are there specifc instructions on setting up credentialed patch checks for Oracle E-Business Suite? I have found this - but need more: InsightVM Release Notes.
Database scanning credential requirements | InsightVM Documentation will provide some more information.
The details on that page are for credentialed setup for both policy and vulnerability scans.