Email
Password
Remember meForgot password?
    Log in with Twitter

article imageOracle EBS flaws leave half of customers exposed Special

By Tim Sandle     Nov 22, 2019 in Technology
An estimated 10,000 enterprises worldwide are at serious risk of financial fraud thanks to critical security vulnerabilities in Oracle EBS software, notes commentator Piyush Pandey.
The Oracle EBS software flaws could allow potential attackers to take full control over a company's entire enterprise resource planning (ERP) solution, exposing them to fraud and possible GDPR, CCPA and HIPAA violations. Oracle has warned of flaws in E-Business suite Two serious security vulnerabilities on Oracle's E-Business Suite could enable an attacker to run malicious code on an E-Business, according to IT Portal.
Oracle E-Business Suite (EBS) is an Internet-enabled product that can be managed from a single site, providing an integrated set of business applications for automating customer relationship management, enterprise resource planning and supply chain management processes within business organizations.
The Register reports that security company Onapsis estimates that up to half of all companies using the Oracle EBS software have not yet patched CVE-2019-2648 and CVE-2019-2633, this is despite fixes for both bugs having been issued back in April 2019.
The extent of the flaws has been picked up Piyush Pandey, CEO of ERP data security leader Appsian. He notes that says that ERP systems are particularly vulnerable to hacks, telling Digital Journal: "Unfortunately, hackers are aware that traditional ERP systems lack the granular logging and analytics features required to detect unauthorized activity."
He also boils down on the seriousness of the issue: "Having a vulnerability that exploits a customer who may not be current on their security updates, raises the risk of a data breach exponentially. Organizations must take additional steps to enhance their levels of visibility and control over their ERP data - and all of the user activity taking place around it.”
More about Oracle EBS, Data breach, Cybersecurity
 
Latest News
Top News