[Advisory] Protect your Oracle Commerce, ATG, or Endeca Implementation

December 7, 2016

On Oct 28, 2016, Oracle posted a security alert indicating that critical updates are required for most versions of Oracle Commerce, ATG and Endeca.

Oracle confirmed these applications could be exploited without authenticated access. That means hackers could manipulate and delete data, or even crash the named systems.

Protect Your Implementation with Oracle’s Critical Security Updates

The good news is your company can get ahead of any security risks right away because Oracle recently released the required security patch updates.

What’s more, Oracle has intentionally not exposed the specific security issues or the ways in which hackers might exploit them.

They’ve kept this information confidential in order to protect your corporate reputation and your implementation of Oracle Commerce, ATG or Endeca.

Your next step is to determine your level of risk.

Your Version of Oracle Commerce, ATG or Endeca Determines Your Security Risk

Your level of risk depends on the version of Oracle Commerce, ATG or Endeca that your company is currently running.

Reference the table below for guiding considerations and recommended actions.

level of risk
Oracle Commerce, ATG, or Endeca Version Number
Oracle Supported? Recommended Actions
HIGH

Versions of Endeca* older than v.2.6

(includes v.6.x, v.5.x, v.4.x)

No - your version of Endeca can't be protected or optimized with Oracle's most current security updates, application enhancements, and bug fixes. Review your options with RealDecoy to determine which search platform is best suited to your business and technical requirements (i.e. Endeca vs. new search platform).
MODERATE

Oracle Commerce v.11.x

ATG v.10.x

Versions of Endeca* newer than v.6.2   (includes v.3.x and v.11.x)

Yes - your Oracle Commerce, ATG, or Endeca implementation can be protected and optimized ASAP with Oracle's most current security update. You can also take advantage of ongoing application enhancements and bug fixes. Implement Oracle's security update to ensure your corporate reputation and Endeca implementation is protected.

Demystifying Endeca Versioning

Please note Endeca version releases do not follow a logical numerical sequence.

Smaller Endeca version numbers DO NOT necessarily represent unsupported versions of Endeca.

Endeca v.3.x and v.4.x are the newest, supported versions.

If your company is running a version older than Endeca v.6.2 – which includes v.5.x and v.4.x – then you’re running an unsupported version of Endeca.

If that’s the case, you’re risk of low website conversion rates, order sizes and repeat business is much higher due to potential performance and security issues that upset customers.

How can RealDecoy Help You?

Together, we’ll determine which of the following service options make most sense for your business based on your level of risk.

If your company is using a supported version of Oracle Commerce, ATG or Endeca then RealDecoy can: 

Assess your company’s level of risk and the potential impact on your application;

Apply Oracle's patch(es) to Endeca and/or ATG components;

Test and monitor your application after installation.

If your company is using an unsupported version of Endeca then RealDecoy can:

Assess your business and technical requirements;

Determine with you which technology is best suited to drive your business and technical requirements (i.e. Endeca version upgrade versus a new search platform).

Contact RealDecoy to discuss your level of risk and specific requirements to ensure your implementation of Oracle Commerce, ATG or Endeca is fully secure.

Related Articles

Inaugural Jamaica UX Workshop Hits A Cricket Six

September 17, 2018

Increasingly recognized as leaders in digital commerce, RealDecoy delivers a one-of-a-kind user experience design workshop in Kingston, Jamaica.

Read More

Oracle Customer Experience Blog: B2B e-Commerce Internationalization 101

August 24, 2015

RealDecoy’s President & CEO Richard Isaac was published in Oracle’s Customer Experience blog.

Read More

Gaining Real Control

August 12, 2015

RealDecoy brings a progressive approach to Oracle Commerce implementations that delivers more and costs less.

Read More