It has been reported that two critical security vulnerabilities in Oracle’s E-Business Suite (EBS) could allow potential attackers to take full control over a company’s entire enterprise resource planning (ERP) solution. The Oracle EBS improper access control flaws come with CVSS scores of 9.9 out of 10. If successfully exploited in an attack, the two security flaws enable threat actors to avoid detection while printing bank checks and making electronic fund transfers. At the moment, Onapsis’ research team estimates that approximately 50% of all Oracle EBS customers have not yet deployed the patches.
Two highly critical vulnerabilities in Oracle's E-Business Suite could put firms who haven't patched the flaws at risk of their systems getting hacked for illicit payments and other financial fraud. https://t.co/4YhwdMBSAj
— Taslet Security (@TasletCom) November 21, 2019