Every quarter, Oracle releases Critical Patch Updates (CPU) for their products. The Oracle EPM community is familiar with the normal Oracle EPM PSU/PSE patches which address functional aspects of the EPM products, either fixing defects or introduce new enhancements.
In contrast to EPM PSU/PSE patches, the CPU patches get relatively little attention within the EPM community while they are critical for securing Oracle EPM systems.
On a quarterly basis, inlumi trawls through the list of CPU patches and isolates the CPUs which are important for Oracle EPM installations. We then test these patches in the inlumi labs to ensure that the patches can be applied to the relevant environments. When applicable, inlumi runs vulnerability scans to ensure that the indicated security flaws (CVEs) have been addressed by the patches.
In January 2018, Oracle released 238 security related fixes for its products. Though none of the CPU patches directly relate to EPM products, they do impact the EPM’s middleware components on which Oracle EPM products rely. It is therefore critical that those underlying products are correctly patched.
January's patches have now been validated in the inlumi Labs and the list of safe patches are known.
If you would like to discuss securing your environments, get in contact with us at inlumi.