Thousands Of Enterprises At Risk Due To Oracle EBS Critical Flaws – Experts Comments

It has been reported that two critical security vulnerabilities in Oracle’s E-Business Suite (EBS) could allow potential attackers to take full control over a company’s entire enterprise resource planning (ERP) solution. The Oracle EBS improper access control flaws come with CVSS scores of 9.9 out of 10. If successfully exploited in an attack, the two security flaws enable threat actors to avoid detection while printing bank checks and making electronic fund transfers. At the moment, Onapsis’ research team estimates that approximately 50% of all Oracle EBS customers have not yet deployed the patches.


EXPERTS COMMENTS
Robert Ramsden Board, VP EMEA ,  Securonix
November 22, 2019
According to the research, an estimated 50% of all Oracle EBS customers have not deployed a patch despite one being available in April 2019.
The Oracle EBS improper access control flaw should act as a stark remind for enterprises of the importance of patching and updating software, particularly for high severity vulnerabilities and those that impact critical systems, like payments. According to the research, an estimated 50% of all Oracle EBS customers have not deployed a patch despite one being available in April 2019. This points to organisations lacking proper cyber hygiene practices or the inability to detect and prioritise patches. Because of the financial risk involved, it is recommended that companies using Oracle EBS run an immediate assessment to ensure they are not exposed to these vulnerabilities; and in the longer term, make investments into next generation SIEM technology that can make this process easier.
Piyush Pandey, CEO,  Appsian
November 22, 2019
Organizations must take additional steps to enhance their levels of visibility and control over their ERP data.
Unfortunately, hackers are aware that traditional ERP systems lack the granular logging and analytics features required to detect unauthorized activity. Having a vulnerability that exploits a customer who may not be current on their security updates, raises the risk of a data breach exponentially. Organizations must take additional steps to enhance their levels of visibility and control over their ERP data - and all of the user activity taking place around it.

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :



Join the Conversation

Join the Conversation


In this article