Oracle E-Business Suite Coverage

In 6.6.148 InsightVM added coverage for Oracle E-Business Suite scanning. Our EBS administrator is asking for documentation on what it scans. They also want to know what library the scan engine uses to determine if something is vulnerable.

Is there any additional documentation on the EBS scanning coverage?

Hi @frye

For fingerprinting EBS, valid Oracle Database credentials are needed. We then access the APPS Schema, along with a number of tables (find_product_installations, ad_bugs, find_product_groups, find_application_all_view) to determine what components are installed, along with the current CPU version, and other patches that may be installed.

We generate content from Oracle EBS advisories, and compare these the the fingerprinted components to trigger content, similar to any other vulnerability content.

I hope this helps.

1 Like