[Advisory] Oracle Security Alerts – Protect your Oracle Commerce, ATG, or Endeca Implementation

On Oct 28, 2016, Oracle posted a security alert indicating that critical updates are required for most versions of Oracle Commerce, ATG and Endeca.

Oracle confirmed these applications could be exploited without authenticated access.

That means hackers could manipulate and delete data, or even crash the named systems.

Protect Your Implementation with Oracle’s Critical Security Updates

The good news is your company can get ahead of any security risks right away because Oracle recently released the required security patch updates.

What’s more, Oracle has intentionally not exposed the specific security issues or the ways in which hackers might exploit them.

They’ve kept this information confidential in order to protect your corporate reputation and your implementation of Oracle Commerce, ATG or Endeca.

Your next step is to determine your level of risk.

Your Version of Oracle Commerce, ATG or Endeca Determines Your Security Risk

Your level of risk depends on the version of Oracle Commerce, ATG or Endeca that your company is currently running.

Reference the table below for guiding considerations and recommended actions.

PLAN

Price

Price for 1 minute

Your text

Level of Risk

HIGH


MODERATE

Oracle Commerce, ATG, or Endeca Version Number

Versions of Endeca* older than v.2.6

(includes v.6.x, v.5.x, v.4.x)

Oracle Commerce v.11.x

ATG v.10.x

Versions of Endeca* newer than v.6.2   (includes v.3.x and v.11.x)

Oracle Supported?

No - your version of Endeca can't be protected or optimized with Oracle's most current security updates, application enhancements, and bug fixes.

Yes - your Oracle Commerce, ATG, or Endeca implementation can be protected and optimized ASAP with Oracle's most current security update. You can also take advantage of ongoing application enhancements and bug fixes.

Recommended Actions

Review your options with RealDecoy to determine which search platform is best suited to your business and technical requirements (i.e. Endeca vs. new search platform). 

Implement Oracle's security update to ensure your corporate reputation and Endeca implementation is protected. 

*Demystifying Endeca Versioning

Please note Endeca version releases do not follow a logical numerical sequence.

Smaller Endeca version numbers DO NOT necessarily represent unsupported versions of Endeca.

Endeca v.3.x and v.4.x are the newest, supported versions.

If your company is running a version older than Endeca v.6.2 – which includes v.5.x and v.4.x – then you’re running an unsupported version of Endeca.

If that’s the case, you’re risk of low website conversion rates, order sizes and repeat business is much higher due to potential performance and security issues that upset customers.

 

How can RealDecoy Help You?

Together, we’ll determine which of the following service options make most sense for your business based on your level of risk.

If your company is using a supported version of Oracle Commerce, ATG or Endeca then RealDecoy can: 

  • Assess your company’s level of risk and the potential impact on your application;
  • Apply Oracle’s patch(es) to Endeca and/or ATG components;
  • Test and monitor your application after installation.

If your company is using an unsupported version of Endeca then RealDecoy can:

  • Assess your business and technical requirements;
  • Determine with you which technology is best suited to drive your business and technical requirements (i.e. Endeca version upgrade versus a new search platform).

Contact RealDecoy to discuss your level of risk and specific requirements to ensure your implementation of Oracle Commerce, ATG or Endeca is fully secure.