PeopleSoft Vulnerabilities Elevate ERP Security Issues
Enterprise resource planning systems are the unexplored continent of vulnerability research, in spite of the fact that these massive, critical business systems support the inner workings of many large corporations and IT organizations.
A recent run of bugs in SAP, and a presentation at this week’s Hack in the Box conference in Amsterdam, however, could turn the tide and open some eyes to ERP security issues.
Researcher Alexey Tyurin of ERPScan in Palo Alto, a firm specializing in SAP security, this week threw back the covers on a number of serious issues present in Oracle PeopleSoft. A dozen vulnerabilities were discussed during Tyurin’s HITB talk (.PDF), including a trio of architectural and configuration missteps that put business data at risk ranging from employee and customer personal information to supply chain data to other business critical information that could expose a company to corporate espionage and reputational damage.