Tag Archives: EPM On Premise

EPM Patch Set Updates – March 2021

The following are the Enterprise Performance Management (EPM) Patch Set Updates (PSU) released last month (March 2021).

The "Patch" ID links will access the patch directly for download from "My Oracle Support" (login required).

Hyperion Product  Link Oracle Hyperion Calculation Manager is Available Link


Oracle Smart View for Office  Link No updates this month  



  • Some patches listed may have been released a few days outside of the stated month.
  • Be sure to review the related Readme files available per Patch Set Update.
  • For the latest Enterprise Performance Management Patch Set Updates visit Oracle Hyperion EPM Products [ Doc ID 1400559.1 ]

To view the patches released over previous months visit the earlier Blog posts:

Oracle Applications Unlimited Extended Through at Least 2032

Oracle Applications Unlimited Extended Through at Least 2032

We are announcing an extension of Applications Unlimited from 2031 to 2032 for our Oracle Applications Unlimited Products; which includes Hyperion Enterprise Performance Management System. Doing so provides customers with more than a decade of ongoing product development, new features, innovations on the Continuous Innovation releases, and continued Oracle Premier Support.

Refer to the Lifetime Support Policy for Oracle Applications.

  • Applications Unlimited is Oracle's commitment to continuous innovation while also providing a commitment to offer Oracle Premier Support through at least 2032.
  • Oracle Premier Support provides comprehensive maintenance and software upgrades for your Application Unlimited products through at least 2032, on the current Continuous Innovation releases.
  • Oracle will deliver new functionality to covered Oracle Applications as updates to the existing Continuous Innovation release, and upgrades will not be required to gain access to new features and capabilities. Fixes and updates are cumulative and will be available to all customers in the most current release.


Commitment to Customers:

  • Oracle Premier Support through at least 2032

Commitment to Innovation:

  • Receive ongoing new features
  • Run same application on-premises or in Oracle Cloud Infrastructure (OCI)

Commitment to Products:

  • Transparent product roadmap
  • Ongoing R&D investment

Key Benefits:

  • Gain peace of mind with no surprises.
  • New features without upgrades.
  • No forced migrations.
  • Ample time for future planning budgeting and allocating resources.
  • Tailor to your enterprise’s business and IT strategies.
  • Get more value from existing application environment.



Oracle Hyperion Calculation Manager is Available

The following Patch Set Update (PSU) has been released for Hyperion Calculation Manager, and available for download from the My Oracle Support > Patches & Updates section:

Oracle Hyperion Calculation Manager PSU Patch 32535657
  Patch Type:

This is a patch set update (PSU).  This patch replaces files in the existing installation and does not require a full installation.

Supported Paths to This Patch:

You can apply this patch to the following releases:

  • (20569991)
  • (20830325)
  • (21284466)
  • (21453167)
  • (22549387)
  • (22806363)
  • (23596012)
  • (25362429)
  • (25775528)
  • (25926429)
  • (27534345)
  • (27780138)
  • (28557058)

All users should clear cached files from their browsers.


Required Patches - Hyperion Planning or higher

Required User Rights - The user applying the patch should be the user who was set up to install and configure EPM System products. Required user privileges or rights:

  • Windows - Use the user account that has Local administrator rights and was set up for installation and configuration. This user is an administrator and is the same for all EPM System products. Assign local policies if required by the product. Such assignments typically are: “Act as part of the operating system, Bypass traverse checking, Log on as a batch job, Log on as a service.”
  • UNIX/Linux:- Use the account that was used to install EPM System products and has Read, Write, and Execute permissions on $MIDDLEWARE_HOME. If you installed other Oracle products, the user who installed EPM System products must be in the same group as the user who installed the other Oracle products. OPatches are not intended to be applied using a root user.
  Defect Fixed in this Release:
  • 32494859 - The Enable flash button in Calculation Manager should not be shown
  Readme File:
  • Refer to the Readme files for information pertaining to the above requirements. The Readme file should also be consulted prior proceeding with the PSU implementation for important information that also includes supported paths, list of defects fixed, additional support information, prerequisites, required rights, details for applying patch and troubleshooting FAQ's.
  • It is important to ensure that the requirements and support paths to this patch are met as outlined within the Readme file.
  • The Readme file is available from the Patches & Updates download screen.


To locate the latest Patch Sets and Patch Set Updates for the EPM products visit the My Oracle Support (MOS) Knowledge Article:
  • Available Patch Sets and Patch Set Updates for Oracle Hyperion Enterprise Performance Management Products (Doc ID 1400559.1)




Advisor Webcast: Financial Reporting Print Service

Register for the following Advisor Webcast!

Financial Reporting Print Service


Wednesday, March 24, 2021 08:00 AM (US Pacific Time)
Wednesday, March 24, 2021 11:00 AM (US Eastern Time)
Wednesday, March 24, 2021 04:00 PM (Central European Time)
Wednesday, March 24, 2021 08:30 PM (India Standard Time)

The details of this Advisor Webcast are found below! You can also visit the Oracle Product Support Advisor Webcasts series page to register for upcoming webcasts and view the replays of any that you may have missed! Description:

This one-hour advisor webcast is recommended for (technical users, functional users, system administrators, Database Administrators, etc.) covering topics FR print service architecture, Installation / configuration, performance tuning and trouble shooting.

Topics Include:
  • Financial Reporting print services architecture
  • Installation and configuration
  • Performance tuning
  • Troubleshooting
  • Questions and Answers


For Additional Information and Registration Details:


ZeroLogon Vulnerability and EPM On-Premises and Cloud

I don’t normally write about Microsoft vulnerabilities and related patches, but this one is important for all Oracle EPM/Hyperion instances…whether on-premises or in Oracle’s EPM SaaS Cloud.

A little background: Vulnerabilities are ranked on a score from 0.1 to 10.0. What I’m about to discuss here is a 10.0, which is the most dangerous score.

The official designation of this particular critter is “CVE-2020-1472”. Independent security research firms, such as Secura, refer to it as ZeroLogon. Microsoft issued a patch for it in August 2020’s “Patch Tuesday”, but the extent of the problem wasn’t fully known at the time. If you want to read the gory details, you can check out Secura’s white paper on the subject. I’ll summarize, in brief:

The vulnerability allows anyone having access to the network to become a Windows Domain Administrator. You don’t even need network credentials if you stroll into the office and plug a device into an Ethernet port. Remote workers, of course, often have the access required. The point being that once the attacker runs the exploit and elevates himself to a domain admin or creates a new domain admin account with a known password, he can cause all sorts of mischief with far-reaching consequences throughout the organization.

Now let’s talk about EPM, starting with on-premises and then moving on to Oracle’s EPM SaaS Cloud (PBC, FCC, etc).

Microsoft Active Directory (“MSAD”) is ubiquitous within the on-premises EPM space. The vast majority of EPM implementations I’ve supported, installed, or health-checked use MSAD for end-user authentication. Hyperion Shared Services and the various EPM components connect to a Windows Domain Controller in order to authenticate end-user login attempts.

Disclaimer: the following paragraph contains theoretical conjecture. We won’t know the effects for sure until an non-patched system is attacked. 

Our fictional attacker, who exploits ZeroLogon, can completely break this. Worse, the attacker could kick the EPM servers out of the domain, making it hard to hop on the EPM servers and troubleshoot why nobody can login.

I have worked with a few customers who use alternatives to Microsoft for end-user authentication, such as Novell eDirectory or other LDAP solutions. By and large, though, there can be a Microsoft Windows Domain lurking somewhere within the network.

They key takeaway here is that EPM system stakeholders should inquire with the IT department and confirm the Domain Controllers have had the August 2020 Microsoft patches applied. I’ve noticed it is a mixed bag “out in the wild”; some organizations patch immediately, while others lag behind…especially during financial Quarter-End or Year-End change freezes.

Now let’s talk Cloud briefly.

Oracle’s EPM SaaS Cloud products for Consolidation, Planning, Account Rec, etc. all share one thing in common: EPMAutomate.

EPMAutomate is the Cloud’s command-line utility used for a variety of tasks: upload data to the Cloud, run it through Data Management, fire off Calculation Rules, download reports and audit logs, and more. EPMAutomate resides on a server under the customer’s control, either on-premises or in a hosted cloud such as AWS, Azure, OCI, etc. The vast majority of EPMAutomate implementations I’ve seen happen to sit on MS Windows servers. (It can be hosted on Linux, and sometimes I witness that variation.)

If EPMAutomate is hosted on MS Windows, and that machine happens to be joined to the MS Windows Domain…well, there’s a possibility your EPM Cloud automation might stop working someday if an intruder bricks your network account or kicks the EPMAutomate host server out of the domain. (Again, I use the word possibility until we see the fallout when it eventually happens.)

2020 has been an awful year thus far, so please do your part not to make it…awful-er. Insist your network domain controllers get patched for “CVE-2020-1472”, included in August 2020 Microsoft Patch Tuesday.

That’s it for this post, but if you’re looking for more reading on EPM 11.2, be sure to check out my white paper, “It’s the Eleventh Hour for Hyperion — Here’s What to Do.”

Cross-posted from EPM On-Prem Pro. Read the original post here.


The post ZeroLogon Vulnerability and EPM On-Premises and Cloud appeared first on Datavail.