If your business operations and security of sensitive data rely on Oracle’s E-Business Suite (EBS), make sure you recently updated and are running the latest available version of the software.
In a report released by enterprise cybersecurity firm Onapsis and shared with The Hacker News, the firm today disclosed technical details for vulnerabilities it reported in Oracle’s E-Business Suite (EBS), an integrated group of applications designed to automate CRM, ERP, and SCM operations for organisations.
The two vulnerabilities, dubbed “BigDebIT” and rated a CVSS score of 9.9, were patched by Oracle in a critical patch update (CPU) pushed out earlier this January. But the company said an estimated 50 percent of Oracle EBS customers have not deployed the patches to date.
The security flaws could be exploited by bad actors to target accounting tools such as General Ledger in a bid to steal sensitive information and commit financial fraud.
According to the researchers, “an unauthenticated hacker could perform an automated exploit on the General Ledger module to extract assets from a company (such as cash) and modify accounting tables, without leaving a trace.”
images from Hacker News