Education Sector: PeopleSoft Critical Patch Update April 2019

April 17, 2019

“Education Sector: PeopleSoft Critical Patch Update April 2019” details PS updates that Oracle has delivered in its CPU.

Oracle has delivered CPU addressing PeopleSoft. Why do universities care?

Various departments of educational institutions use Oracle’s PeopleSoft systems such as Financials, HRMS, CRM, EPM, not to mention PeopleSoft Campus Solutions which is a package developed as SIS, or student information systems.

PeopleSoft is involved in a range of business processes and stores critical data including intellectual property, faculty and student personal identification information, health care and credit card information. Attacks against PeopleSoft allow a cyber attacker to catch or change different business-critical information, depending on modules installed in an organization.

So universities have to secure multiple kinds of data that PS stores. The motive is the fact that hackers continuously try to exploit security vulnerabilities existing in the systems.

Thus, the database giant improves the product each time and releases the Critical Patch Update (CPU). To make sure all the data of educational organizations is safe, cybersecurity professionals are required in the organizations that can take care of all issues.

In April 2019, Oracle published CPU with 12 fixes for PeopleSoft out of a total of 297. This composes 4% of the set. Eight of these flaws are remotely exploitable. The previous patch update was smaller and had 284 patches with 7% of patches addressing PeopleSoft in January 2019.

While ranking the severity of vulnerabilities released this time, two patches got high scores of 8.7 and 8.2 in CVSS. This score system rates from zero (least severe) to 10 (most severe) and shows the possibility to exploit a vulnerability and damage the systems. The formula for determining the score is public and freely distributed. However, it’s not aimed at just frightening but helping prioritize risks.

In some cases, it has been reported that attackers have been successful because targeted customers had failed to apply available patches. Therefore, Oracle recommends its customers to install updates right after Oracle’s release and do not delay this process.

EdGuards gives April’s PeopleSoft collection a rate of 6.1 for January 2019. The index is an average score of patch updates. The rate for this PeopleSoft patch update is higher than in October 2018, which was 5.9 but lower than in January 2019.

The next Oracle CPU is scheduled for 16 July 2019.

Random PeopleSoft fact

2017 became remarkable for PeopleSoft as Oracle beat the ‘Peoplesoft record’ by delivering the largest number of patches ever.

PeopleSoft Vulnerability Management

Contact us

*Average response time is 6 hours