how to manage oracle ebs security

Identifying E-Business Suite 12.2 CPU Patches and Security Fixes Using the ECPUC Tool

A valuable new utility, EBS Critical Patch Update Checker (ECPUC), was released with the July 2023 CPU (Critical Patch Update). This utility brings some valuable functionality to your Oracle E-Business Suite environment. It is highly recommended that you incorporate ECPUC into your system to benefit from the following features:

  1. Accurately assess your EBS environment’s current CPU patch level.
  2. Identify any necessary EBS CPU patches and essential security fixes required for your specific environment.

ECPUC is available with Patch 35583866. Instructions for running ECPUC are documented in the README.txt file included with the patch.

Patch 35583866

E-Business Suite Critical Patch Update Checker (ECPUC):

ECPUC.sql should be run on any EBS 12.2 environments to identify missing patches that are in the latest EBS CPU. The checker generates the report ECPUC.lst that lists all the recommended EBS CPU patches and security fixes for your environment.

Usage Tips Related to EBS Critical Patch Update Checker (ECPUC)

Note: The README file for this patch includes a number of usage scenarios and examples. Always use the latest version of ECPUC. New EBS CPU patches and fixes will not be checked by older versions of the utility.

As part of you quarterly CPU patching activity:

  • Run ECPUC before applying EBS CPU patches and fixes to identify the patches and bug fixes that are required for your EBS R12.2 environment.
  • Apply all recommended patches as soon as possible.If ECPUC reports recommended patches or fixes, you should apply these to EBS R12.2 environment as soon as possible.
  • Run ECPUC after applying EBS CPU patches and fixes. It is recommended that you run ECPUC after applying patches in non-production and performing cutover to confirm that all recommended patches and fixes were applied successfully.
  • Run ECPUC to review and report on EBS CPU level. To check the EBS CPU level in your EBS environment, run ECPUC and review the ECPUC.lst report to determine EBS CPU level and identify any recommended patches.

Steps to Run ECPUC

  1. Log in to the primary EBS application tier node as the EBS owner.
  2. On the primary EBS application tier node, source the run environment.
    For example:  $ EBSapps.env run
  3. Download and unzip the latest ECPUC provided with Patch 35583866.
  4. Change the directory to the unzipped patch location and run ECPUC.sql while connected as APPS to the database.
    For example:  SQL> @ECPUC.sql
    SECTION-3: Provides the Required EBS CPU and Security Fixes

    • The following patches are required for this EBS CPU:
    • 35385938:12.2.0
    • 35181823:R12.FWK.C
    • 34744189:R12.BNE.C
    • 35355008:R12.BNE.C
    • 32004048:R12.OKC.C
    • 32636526:R12.HZ.C
    • 33254661:R12.WSH.C
    • 33457157:R12.HXT.C
    • 33457157:R12.HXT.C
    • 34904578:R12.CSR.C
  5. Review the ECPUC.lst output from above to determine the following:
    1. ECPUC version
    2. EBS CPU level for your environment
    3. Patches and security fixes that need to be applied to your environment
  6. After applying patches reported in ECPUC.lst, run ECPUC again to confirm the patches have been applied to EBS environment.

Note: It is essential to apply patches and fixes to non-production environments first before promoting them to the production environment.


  • Identifying the Latest Critical Patch Update for Oracle E-Business Suite Release 12 (MOS Note 248400.1)
  • Oracle E-Business Suite Release 12 Critical Patch Update (July 2023) (MOS Note 2953580.1)
  • Oracle E-Business Suite Security Guide, Release 12.2 – Secure Configuration
  • Secure Configuration Guide for Oracle E-Business Suite Release 12 (MOS Note 403537.1)
  • FAQ: Oracle E-Business Suite Security (MOS Note 2063486.1)


A new utility, EBS Critical Patch Update Checker (ECPUC) was released with the July 2023 CPU. We strongly recommend that you run ECPUC against your EBS environment to identify your current EBS CPU patch level and identify any required CPU patches and security fixes. Don’t miss out on this valuable tool to enhance the security and performance of your EBS environment!

Whenever a new Critical Patch Update is released, the Syntax Oracle EBS technical teams are ready to analyze our clients’ systems and recommend the best path to stay on an actively supported version and how to apply all security patches promptly and ensure the customer’s Oracle EBS systems remain protected.