Waters

Do any of the patches listed in Oracle's Critical Patch Update notifications apply to my NuGenesis databases? - WKB95584

Article number: 95584

ENVIRONMENT

  • NuGenesis 9
    • NuGenesis 9.1 / Oracle Database 19c
    • NuGenesis 9.0 / Oracle Database 12.2
  • NuGenesis 8
    • Oracle Database 11.2

ANSWER

Some of the patches listed in Oracle's Critical Patch Update (CPU) notifications may apply to the database versions in NuGenesis; however, the embedded Oracle license included with NuGenesis software does not allow customers to apply patches to the NuGenesis database instances. If the NuGenesis systems use the customer's own license agreement with Oracle, then the ability to patch the databases would be governed by the terms of that agreement.

Waters does not test the Oracle CPU patches for compatibility with NuGenesis.

ADDITIONAL INFORMATION

If the Oracle CPU cannot be applied to the NuGenesis database due to the embedded license, it is still possible to mitigate the impacts of the security vulnerabilities by applying standard security best practices:

  • Manage the NuGenesis schema accounts as per Waters' recommendations
  • Evaluate whether the Oracle Database component or option as noted in each CVE entry in the CPU is used by NuGenesis.  Vulnerabilities in database components/options which are not used by NuGenesis are not expected to impact NuGenesis databases; however, if the database has components/options beyond those which are required for NuGenesis, then those excess components/options could pose a security risk, and they should be removed.  The NuGenesis Database installer for Windows platforms installs only the required component/options, and the embedded license agreement does not allow customers to modify the database directly, so the risk of excess DB components is low for Windows.  On Linux platforms, the customer provides the Oracle Binaries installation and creates the instances/PDBs for NuGenesis under the terms of their own license with Oracle, and therefore there may be excess components/options installed
  • Use LDAP authentication (with TLS encryption) in NuGenesis SDMS and LMS so that application users do not need Oracle Database accounts
  • Lock or drop any non-NuGenesis-schema accounts which are not needed
  • Apply the principle of "least privilege" to the accounts which must remain active.  Restrict SYSDBA access to only the few users who need it
  • In Oracle 12c and 19c databases, enable the default Unified Audit Trail policies ORA_SECURECONFIG and ORA_LOGON_FAILURES, as a minimum.  Those two default policies allow system administrators to check for excess logon failures
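The checks in the list above can be run as one review script. This is an added example, not Waters' or Oracle's own script. It assumes a connection with SYSDBA or AUDIT_ADMIN to the 12.2 or 19c database (or PDB) that hosts NuGenesis; the account name placeholder and the failure threshold are assumptions.

```sql
-- Added example: read-only review queries plus the two AUDIT statements.

-- 1. Installed components and enabled options, to compare against the
--    component named in each CVE entry of the CPU advisory.
SELECT comp_id, comp_name, version, status
FROM   dba_registry
ORDER  BY comp_id;

SELECT parameter
FROM   v$option
WHERE  value = 'TRUE'
ORDER  BY parameter;

-- 2. Accounts that can still log in. oracle_maintained = 'N' marks accounts
--    that were not created by Oracle-supplied scripts.
SELECT username, account_status, oracle_maintained, last_login
FROM   dba_users
WHERE  account_status = 'OPEN'
ORDER  BY oracle_maintained, username;

-- Lock an account that is not needed (placeholder name, not a real account):
-- ALTER USER "<UNNEEDED_ACCOUNT>" ACCOUNT LOCK;

-- 3. Password-file users holding SYSDBA. Members of the OS DBA group also
--    have SYSDBA and must be reviewed on the host.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
WHERE  sysdba = 'TRUE';

-- 4. Are the two default Unified Audit policies enabled?
SELECT policy_name, enabled_option, success, failure
FROM   audit_unified_enabled_policies
WHERE  policy_name IN ('ORA_SECURECONFIG', 'ORA_LOGON_FAILURES');

-- Enable them if the query above returns no rows for a policy.
AUDIT POLICY ORA_SECURECONFIG;
AUDIT POLICY ORA_LOGON_FAILURES WHENEVER NOT SUCCESSFUL;

-- 5. Excess logon failures in the last 24 hours, grouped by account and host.
SELECT dbusername, userhost, return_code,
       COUNT(*) AS failures, MAX(event_timestamp) AS last_failure
FROM   unified_audit_trail
WHERE  action_name = 'LOGON'
AND    return_code <> 0
AND    event_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
GROUP  BY dbusername, userhost, return_code
HAVING COUNT(*) >= 5            -- assumed threshold; tune per site
ORDER  BY failures DESC;
```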
