Tuesday, September 29, 12:17
Home security Oracle E-Business Suite (EBS): vulnerabilities discovered

Oracle E-Business Suite (EBS): vulnerabilities discovered

If your business is based on Oracle's E-Business Suite (EBS), make sure you have recently updated and are running the latest version of the software.

Oracle E-Business Suite (EBS)

In a report released by cybersecurity company Onapsis, the company today unveiled technical details on vulnerabilities in Oracle's E-Business Suite (EBS), a comprehensive group of applications designed to automate the operations of CRM, ERP and SCM for organizations.

The two vulnerabilities, described as "BigDebIT" and rated 9,9, were fixed by Oracle in a critical code update (CPU) released earlier this January. However, the company said about 50 percent of Oracle EBS customers have not yet developed patches.

Security vulnerabilities could be exploited by hackers to target accounting tools such as General Ledger in an attempt to steal sensitive information and commit financial fraud.

According to the researchers, “an unauthorized hacker it could carry out an automated operation in the General Ledger section to extract data from a company (such as cash) and modify the spreadsheets without leaving any traces. ”

"Successful exploitation of this vulnerability would allow an intruder to steal financial data and cause delays in any financial report related to the compliance procedures of a companyThe researchers added.

It is worth noting that the BigDebIT attack vectors "add" to the already mentioned PAYDAY vulnerabilities in EBS that were discovered by Onapsis three years ago, with Oracle releasing a series of updates by April 2019.

Having been identified as CVE-2020-2586 and CVE-2020-2587, the new defects are found in the Oracle Human Resources Management System (HRMS) in a component called Hierarchy Diagrammer, which allows users to create organograms related to a business. But in combination, they can be used even if EBS customers have updated their systems with updates released in April 2019.

"The difference is that with these code updates, it is confirmed that even systems that are up to date are vulnerable to these attacks, and therefore priority should be given to installing the CPU in January," the company said in a statement. in January.

One consequence of these errors, if not reported, is the possibility of financial fraud and theft of a company's confidential information.

Oracle General Ledger is an automated software financial processing which acts as a repository of accounting information and is offered as part of the E-Business Suite, the company's comprehensive line of applications - covering corporate resource planning (ERP), supply chain management (SCM), and customer relationship management (CRM) - that users can apply to their own businesses.

General Ledger is also used to create corporate financial reports.

An intruder could exploit any of the defects and modify critical elements in a company's balance sheet.

The news has not yet been officially confirmed by the company.


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.


$ 6,85 million fine in Premera for data breach

A fine of 6,85 million dollars has been imposed on Premera Blue Cross, an insurance company based in Washington, for a data breach ...

US: Hacking electoral systems will be considered a federal crime

US lawmakers unanimously approved a bill to defend the integrity of electoral systems, which provides that ...

Canadians do not trust companies that have been violated

As the results of a new research showed, a data breach in a company, can have a significant and long-term impact on reliability ...

Hacker uploaded files to the sites of WHO, UNESCO and other organizations

A hacker managed to upload PDF files to sites of well-known organizations, including the World Health Organization (WHO) and UNESCO.

The 4 largest shipping companies in the world are victims of cyberattacks

Another shipping company was attacked by a cyber. The French CMA CGM was attacked by ransomware, which means that now ...

The price of stolen RDP passwords is reduced

Cybercriminals reduce the value of RDP passwords. This move indicates how leaked usernames and ...

How to change the "server region" in Discord

Discord automatically selects a server region through which it routes your voice communications. However, you may find that the choice ...

Violations of the banking code are on the rise

The two most common obligations of the Code of Banking Practice, which are violated more often by financial institutions, are privacy and ...

How to control which CPU your Mac uses

The Central Processing Unit (CPU) is the control unit of your Mac. Its features determine how quickly your information is processed by ...

NASA: Looking for ideas for continuing missions in the dark

NASA wants ideas to continue missions to the moon in the dark, something that could be the key to ...