The Oracle EBS software flaws could allow potential attackers to take full control over a company’s entire enterprise resource planning (ERP) solution, exposing the company to fraud and possible GDPR, CCPA and HIPAA violations.
Oracle has warned of flaws in E-Business Suite. Two serious security vulnerabilities in Oracle’s E-Business Suite could enable an attacker to run malicious code on an E-Business, according to IT Portal.
Oracle E-Business Suite (EBS) is an Internet-enabled product that can be managed from a single site, providing an integrated set of business applications for automating customer relationship management, enterprise resource planning and supply chain management processes within business organizations.
The Register reports that security company Onapsis estimates that up to half of all companies using the Oracle EBS software have not yet patched CVE-2019-2648 and CVE-2019-2633, despite fixes for both bugs having been issued back in April 2019.
The extent of the flaws has been picked up by Piyush Pandey, CEO of ERP data security leader Appsian. He notes that ERP systems are particularly vulnerable to hacks, telling Digital Journal: “Unfortunately, hackers are aware that traditional ERP systems lack the granular logging and analytics features required to detect unauthorized activity.”
He also boils down the seriousness of the issue: “Having a vulnerability that exploits a customer who may not be current on their security updates raises the risk of a data breach exponentially. Organizations must take additional steps to enhance their levels of visibility and control over their ERP data – and all of the user activity taking place around it.”