Skip to content

[Advisory] Protect your Oracle Commerce, ATG, or Endeca Implementation

December 7, 2016

On Oct 28, 2016, Oracle posted a security alert indicating that critical updates are required for most versions of Oracle Commerce, ATG and Endeca.

Oracle confirmed these applications could be exploited without authenticated access. That means hackers could manipulate and delete data, or even crash the named systems.

Protect Your Implementation with Oracle’s Critical Security Updates

The good news is your company can get ahead of any security risks right away because Oracle recently released the required security patch updates.

What’s more, Oracle has intentionally not exposed the specific security issues or the ways in which hackers might exploit them.

They’ve kept this information confidential in order to protect your corporate reputation and your implementation of Oracle Commerce, ATG or Endeca.

Your next step is to determine your level of risk.

Your Version of Oracle Commerce, ATG or Endeca Determines Your Security Risk

Your level of risk depends on the version of Oracle Commerce, ATG or Endeca that your company is currently running.

Reference the table below for guiding considerations and recommended actions.

level of risk
Oracle Commerce, ATG, or Endeca Version Number
Oracle Supported? Recommended Actions

Versions of Endeca* older than v.2.6

(includes v.6.x, v.5.x, v.4.x)

No - your version of Endeca can't be protected or optimized with Oracle's most current security updates, application enhancements, and bug fixes. Review your options with RealDecoy to determine which search platform is best suited to your business and technical requirements (i.e. Endeca vs. new search platform).

Oracle Commerce v.11.x

ATG v.10.x

Versions of Endeca* newer than v.6.2   (includes v.3.x and v.11.x)

Yes - your Oracle Commerce, ATG, or Endeca implementation can be protected and optimized ASAP with Oracle's most current security update. You can also take advantage of ongoing application enhancements and bug fixes. Implement Oracle's security update to ensure your corporate reputation and Endeca implementation is protected.

Demystifying Endeca Versioning

Please note Endeca version releases do not follow a logical numerical sequence.

Smaller Endeca version numbers DO NOT necessarily represent unsupported versions of Endeca.

Endeca v.3.x and v.4.x are the newest, supported versions.

If your company is running a version older than Endeca v.6.2 – which includes v.5.x and v.4.x – then you’re running an unsupported version of Endeca.

If that’s the case, you’re risk of low website conversion rates, order sizes and repeat business is much higher due to potential performance and security issues that upset customers.

How can RealDecoy Help You?

Together, we’ll determine which of the following service options make most sense for your business based on your level of risk.

If your company is using a supported version of Oracle Commerce, ATG or Endeca then RealDecoy can: 

Assess your company’s level of risk and the potential impact on your application;

Apply Oracle's patch(es) to Endeca and/or ATG components;

Test and monitor your application after installation.

If your company is using an unsupported version of Endeca then RealDecoy can:

Assess your business and technical requirements;

Determine with you which technology is best suited to drive your business and technical requirements (i.e. Endeca version upgrade versus a new search platform).

Contact RealDecoy to discuss your level of risk and specific requirements to ensure your implementation of Oracle Commerce, ATG or Endeca is fully secure.

Related Articles

b2b next workshop chicago

CEO Richard Isaac Shares B2B Advice: The Chicago Interview

September 24, 2018

Mary Wagner of Digital Commerce 360 interviews RealDecoy’s Richard Isaac on how data and content drive B2B sales online

Read More

RealDecoy Achieves First Dual Specialized Status for Oracle Endeca Commerce & Oracle Endeca Information Discovery

April 4, 2014

RealDecoy is the first company worldwide to achieve Oracle specialization for both Oracle Endeca Commerce and Oracle Endeca Information Discovery.

Read More
question marks

Endeca Community Questions

July 31, 2015

The insight and knowledge captured through RealDecoy’s former Endeca Community is now available for download. Get it here!

Read More