Skip to content

[Advisory] Protect your Oracle Commerce, ATG, or Endeca Implementation

December 7, 2016

On Oct 28, 2016, Oracle posted a security alert indicating that critical updates are required for most versions of Oracle Commerce, ATG and Endeca.

Oracle confirmed these applications could be exploited without authenticated access. That means hackers could manipulate and delete data, or even crash the named systems.

Protect Your Implementation with Oracle’s Critical Security Updates

The good news is your company can get ahead of any security risks right away because Oracle recently released the required security patch updates.

What’s more, Oracle has intentionally not exposed the specific security issues or the ways in which hackers might exploit them.

They’ve kept this information confidential in order to protect your corporate reputation and your implementation of Oracle Commerce, ATG or Endeca.

Your next step is to determine your level of risk.

Your Version of Oracle Commerce, ATG or Endeca Determines Your Security Risk

Your level of risk depends on the version of Oracle Commerce, ATG or Endeca that your company is currently running.

Reference the table below for guiding considerations and recommended actions.

level of risk
Oracle Commerce, ATG, or Endeca Version Number
Oracle Supported? Recommended Actions
HIGH

Versions of Endeca* older than v.2.6

(includes v.6.x, v.5.x, v.4.x)

No - your version of Endeca can't be protected or optimized with Oracle's most current security updates, application enhancements, and bug fixes. Review your options with RealDecoy to determine which search platform is best suited to your business and technical requirements (i.e. Endeca vs. new search platform).
MODERATE

Oracle Commerce v.11.x

ATG v.10.x

Versions of Endeca* newer than v.6.2   (includes v.3.x and v.11.x)

Yes - your Oracle Commerce, ATG, or Endeca implementation can be protected and optimized ASAP with Oracle's most current security update. You can also take advantage of ongoing application enhancements and bug fixes. Implement Oracle's security update to ensure your corporate reputation and Endeca implementation is protected.

Demystifying Endeca Versioning

Please note Endeca version releases do not follow a logical numerical sequence.

Smaller Endeca version numbers DO NOT necessarily represent unsupported versions of Endeca.

Endeca v.3.x and v.4.x are the newest, supported versions.

If your company is running a version older than Endeca v.6.2 – which includes v.5.x and v.4.x – then you’re running an unsupported version of Endeca.

If that’s the case, you’re risk of low website conversion rates, order sizes and repeat business is much higher due to potential performance and security issues that upset customers.

How can RealDecoy Help You?

Together, we’ll determine which of the following service options make most sense for your business based on your level of risk.

If your company is using a supported version of Oracle Commerce, ATG or Endeca then RealDecoy can: 

Assess your company’s level of risk and the potential impact on your application;

Apply Oracle's patch(es) to Endeca and/or ATG components;

Test and monitor your application after installation.

If your company is using an unsupported version of Endeca then RealDecoy can:

Assess your business and technical requirements;

Determine with you which technology is best suited to drive your business and technical requirements (i.e. Endeca version upgrade versus a new search platform).

Contact RealDecoy to discuss your level of risk and specific requirements to ensure your implementation of Oracle Commerce, ATG or Endeca is fully secure.

Related Articles

b2b next workshop chicago

CEO Richard Isaac Shares B2B Advice: The Chicago Interview

September 24, 2018

Mary Wagner of Digital Commerce 360 interviews RealDecoy’s Richard Isaac on how data and content drive B2B sales online

Read More

GIS and Business Intelligence: RealDecoy & Spatial DNA at the 2018 GeoExpo

November 28, 2018

RealDecoy and RealDecoy partner Spatial DNA were at the 2018 Geo Expo in Kingston to talk GIS, business and the next frontier in technology.

Read More
uxdesignpostcards

Announcing UX Lab in Partnership with the University of Technology

November 29, 2018

The University of Technology has partnered with international digital agency RealDecoy to give students a hands-on introduction into the world of user experience design.

Read More