Oracle Fusion Middleware

Oracle Fusion Middleware is a family of connecting technologies Oracle for creating an application infrastructure.

Under the Oracle Fusion Middleware brand, Oracle has combined all integration software products.

Oracle Fusion Middleware includes:

• The entire Oracle Application Server product set, including all application server editions
  

• Tools that complement Oracle Application Server, such as Oracle JDeveloper, Oracle TopLink and Application Development Framework (ADF), Oracle Internet Developer Suite, Oracle BI Beans, Oracle Warehouse Builder;
  

• Integration product family: Oracle InterConnect, Oracle B2B, Oracle BPEL Pro-cess Manager, Oracle Business Activity Monitoring (BAM), Oracle Enterprise Service Bus (ESB);
  

• Oracle Data Hubs family, such as Oracle Customer DataHub, Oracle Financial Consolidation Hub, and Oracle Product Information Management Hub.
  

• family of security products: Oracle Identity Management, OracleCoreId Access and Identity, Oracle Web Services Manager, Oracle CoreId Federation and CoreId Provisioning;
  

• application server functional extensions such as: Oracle Portal, OracleBusiness Intelligence (BI), Oracle XML Publisher, Oracle Business Rules, Oracle Mobile, Oracle Sensor Edge Server
  ;

• Oracle Collaboration Suite and its Content Services, RealTime Collaboration, Unified Messaging, Workspaces modules with new functionality
  .

Oracle recently released a new software product from the Fusion Middleware family, Data Integrator, designed to integrate large amounts of data coming from various enterprise applications. The solution is designed to facilitate the integration of business critical applications such as Business Intelligence, Data Warehouse, Master Data Management, Service-Oriented Architecture, Business Activity Monitoring, ON and Application Migration and Consolidation.

Oracle Data Integrator provides heterogeneous information integration, performance with innovative ELT (Extract, Load, Transform) technology, supports both batch job processing and real-time operation. In addition, the application can reduce the cost of developing and supporting integrated systems using a declarative model language and program code libraries called Knowledge Modules.

The new development is based on technology created by the recently acquired company Sunopsis. Oracle Data Integrator eliminates the need to use a specialized ETL server by performing data transformation operations either inside the source application or inside the data store, which, according to the developers, increases the processing speed and reduces the cost of software.

2022: Holes found in 150 open systems

On December 1, 2022, it became known that at least 151 Oracle systems are subject to a vulnerability warned by the US Cybersecurity and Infrastructure Protection Agency (CISA).

We are talking about a problem with the CVE-2021-35587 identifier. The company released a patch for this hole back in January 2022, but many Oracle software products are still vulnerable. The fact is that the vulnerability affects the Oracle Fusion Middleware Access Management tool - an enterprise-level single sign-on (SSO) system. The vulnerability allows an attacker who is unauthenticated (Pre-auth) and has access to the network via HTTP to compromise Oracle Access Manager and gain full control over the system. After that, remote execution of arbitrary code can be carried out.

Critical holes found in 150 Oracle open systems

Given that Oracle Access Manager acts as an enterprise-level application that provides a complete set of web perimeter security features and online single sign-on services, this could have serious consequences for victims of hacker attacks, the report said.

The first exploit demonstrating the possibility of exploiting the vulnerability appeared in March 2022. Several other software codes for potential attacks have since been released. And this, according to experts, gives attackers many options for unauthorized entry into other people's IT networks. Experts warn that the bug allows you to fully control the vulnerable system over the network without any authentication. Systems connected to the Internet are most at risk provided that there are exploits. According to GrayNoise, attacks that exploit this vulnerability most often come from the United States, China, Germany, Singapore and Canada.^[1]

2019:37 vulnerabilities fixed

On October 17, 2019, it became known that Oracle had fixed 219 dangerous vulnerabilities in different product lines, more than 140 of which could be exploited by a remotely unauthorized attacker. 19 vulnerabilities were designated critical and rated above 9.0 on the CVSS scale.

Most vulnerabilities have been fixed in the platform for digital business transformation in the enterprise and in the Fusion Middleware cloud - 37 fixes. The free relational management system databases MySQL received 34 vulnerability fixes. The platform Java SE has 20 vulnerabilities fixed.

Other products that have received vulnerability fixes include Construction and Engineering (13 fixes), PeopleSoft applications (13), Oracle Retail (12), risk management platforms (12), Oracle Database (10), virutalization software (11), E-Business Suite (10), Enterprise Manager (7), Oracle Financial Services (7), and Oracle Food and Beverage (7).

Vulnerabilities in Policy Automation (4 fixes), Siebel CRM (4), Oracle Supply Chain (3), GraalVM (3), Oracle Hospitality applications (3), Hyperion (3), Oracle Health Sciences applications (2), Oracle Support Tools (2), JD Edwards (1), and NoSQL Database (1)^[2] have been ^[3].

2015

FSTEC Certification

On December 8, 2015, the Oracle representative office in Russia announced that it had received a certificate from the Federal Service for Technical and Export Control (FSTEC) of Russia for Oracle Fusion Middleware software for the optimized Oracle Exalogic hardware and software complex.

The certificate confirms: Oracle Fusion Middleware platform for Oracle Exalogic is a general-purpose software tool that has built-in means of protecting against unauthorized access to information that does not contain information constituting a state secret. It meets the requirements of the technical specifications. Built-in security tools implement the functions of identification and authentication, access control, registration of security events, information availability.

Oracle Exalogic Elastic Cloud - An optimized appliance designed to maximize the performance, reliability, and scalability of Oracle Fusion Middleware, application consolidation Oracle , and third-party applications. It is compatible with products and Oracle Java other applications, providing low total cost of ownership, reduced risk, high user productivity, and comprehensive support.

Certificates of the Federal Service for Technical and Export Control confirm that customers can use mechanisms built into Oracle products to protect confidential information and personal data in accordance with the requirements of Russian law.

Fusion Middleware family upgraded

On November 2, 2015, Oracle announced the capabilities of the Fusion Middleware family of software.

The release includes hundreds of enhancements to help customers and partners build and leverage dynamic, intelligent business applications, drive innovation, consolidate systems, and maintain business continuity right across the enterprise and cloud.

As part of this release, Oracle announced the largest Oracle WebLogic Server update in a decade and introduced the world's first enterprise-class Java platform designed for cloud use. Other Oracle Fusion Middleware components have been improved, including Oracle BPM Suite, Oracle Data Integration, Oracle SOA Suite, Oracle WebCenter, and Oracle Developer Tools.

Fusion Middleware Innovation

• Oracle WebLogic Server and Oracle Coherence
  • The largest upgrade in Oracle WebLogic Server the last 10 years and important changes Oracle Coherence in offers opportunities to help achieve high availability while consolidating workloads through multiple leases. Product versions include features that support multi-brand architecture, multi-datacenter data centers high availability, and developer innovation with full interoperability Java EE 7 and support. Java SE 8 Organizations access the same platform directly in the enterprise or in the cloud through a service Oracle Java Cloud Service based on. Oracle WebLogic Server

• Oracle Developer Tools
  • To improve developer performance, the new version implements full compatibility with the Java EE 7 platform, including REST, JSON, JMS, WebSockets, etc., as well as support for Java SE 8. Integration between Oracle Coherence and Java SE 8 allows lambda expressions (Lambdas) and streams (Streams) to be used for high-performance dynamic processing of data in RAM. In addition, this version supports the latest DevOps methodology regulations using Arquillian, Docker, Jenkins and Maven tools, as well as WebLogic plug-in partitions that allow DevOps developers to easily move and copy their environment between development and testing environments. In addition, updates to development toolkits such as Oracle Enterprise Pack for Eclipse (OEPE) and JDeveloper allow developers to continue using popular integrated development environments and still use these Oracle Cloud and Oracle Fusion Middleware features. The version has made numerous improvements to Oracle Forms (along with compatibility with Oracle WebLogic Server), integration with other Oracle Fusion Middleware technologies, including Oracle Reports and Oracle BI-Publisher.

• Oracle SOA Suite
  • Oracle SOA Suite offers features that simplify and shorten development time for new integrations and dramatically improve response time. Developers can now improve performance with end-to-end JSON support, as well as the ability to use JavaScript directly in their integration threads. New "in-memory" features significantly improve transaction performance, while optimizing B2B processes further increases transaction speed across business-to-business interactions. The updated Oracle Stream Explorer product offers a simplified, business-centric approach to solve streaming analytics challenges, as well as providing advanced machine learning capabilities. The Business Activity Monitoring component of the Oracle SOA Suite adds specialized features to visualize the analysis results available from the integration streams to better align analytics with user-defined key performance indicators (KPIs). The integration platform also offers new features to maximize uptime, diagnose and configure the integration environment, and ensure that SOA environments are better resilient to abnormal situations and overloads.

• Oracle BPM Suite
  • Among the features of Oracle BPM Suite is the state-of-the-art user interface needed to improve staff productivity, a complete set of REST APIs that allows applications built with any development technology to use Oracle BPM Suite as a mechanism for workflow management, service integration, and process coordination. In addition, with Oracle BPM Suite, you can create hybrid applications between Oracle Process Cloud Service and Oracle BPM Suite, reducing costs and time to market by moving new process operations to the cloud.

• Oracle WebCenter
  • This version offers enhanced user experience for Oracle WebCenter Sites, Oracle WebCenter Portal, and Oracle WebCenter Content components. Oracle WebCenter products now feature a modern user interface, wizard-assisted data integration, customizable visualization options, and full access to enterprise content management features. Oracle WebCenter integrates with Oracle Marketing Cloud to provide advanced capabilities for marketing information, contextual analytics across pages and assets, contextual event conversion, and anonymous user tracking. In addition, this version provides a new WebCenter Content Viewer for Imaging with annotation and editing capabilities, and supports hybrid integration of ECM (Enterprise Content Management) features between WebCenter Content and Oracle Document Cloud Service.

• Oracle Data Integration
  • Oracle Data Integration platform version enhances Big Data capabilities for data integration, data management and control, and data quality. Oracle Data Integrator offers Big Data features that include support for Spark, Pig, and Oozie, as well as new management capabilities to allow customers to support parallel development between distributed sites. Oracle Enterprise Metadata Management now supports the HDFS file system - along with support for Hive, HCatalog, HBase, Impala, Cloudera, Hortonworks and MapR to organize work with Big Data. Oracle Enterprise Data Quality provides multi-lease data matching services to help Oracle Cloud Applications customers provide comprehensive data quality protection. In addition, Oracle Enterprise Data Quality provides complete automation of the generation and deployment of REST Web sites, built-in connectivity to Big Data systems, which further facilitates the integration of enterprise-wide data quality information.