Imperva chief technology officer Amichai Shulman claimed that the fact that Oracle has issued 33 patches - ten of which are sealing vulnerabilities in Oracle's database server offering - indicates the severity of the problem.

The patches affect Oracle's Application Server, Secure Backup, Identity Management, E-Business Suite, Enterprise Manager, WebLogic Server and JRockit, as well as PeopleSoft and Siebel tools.

Shulman noted that two of the flaws in Oracle's Secure Backup earned scores of nine and ten out of ten on the CVSS risk rating. The JRockit flaw also scored a ten.

“The scale of the problem is such that, if companies do not patch, then they could end up leaking customer account data, including credit and debit card details, to hackers on remote access,” said Shulman.

He further claimed that two vulnerabilities on the Oracle database server are remotely exploitable without any authentication being required. This is not unheard of, but it does indicate that there is a vulnerability in the network protocol layer.

Shulman explained that these vulnerabilities mean a hacker can attack the database without authenticating to the system or logging in, meaning that a major attack could go undetected by the IT manager of the system concerned.

Shulman said: “Worryingly, since the E-Business suite touches and transacts a lot of critical data - including the usual suspects such as social security numbers, debit/credit cards and so on - as well as important corporate information, including customer lists or financials, this could result in data leaking out without any knowledge on the part of the IT managers concerned.

“It's very important, therefore, that anyone using Oracle products visit the software company's portal and update their applications, as a failure to patch could result in a very serious data leakage situation.”

See original article on scmagazineuk.com