Vendor says hackers could take advantage of flaws in its E-business suite and database server.
Database and enterprise application vendor Oracle is warning customers of two new vulnerabilities in its E-business suite and a third in its database that could be exploited by hackers.
If not patched, the two security flaws in Oracle's E-Business Suite could let hackers install and run malicious code of their choice on the E-Business Suite server, the company says. Oracle has ranked both of these flaws as "high risk." One flaw is within the suite's Java Server Pages within the AOL/J Setup Test Suite for its E-Business Suite. This flaw could allow an attacker to view server configuration information that could be used to hack the suite.
A second flaw is located in the suite's FNDWRR component. FNDWRR contains a buffer overflow vulnerability that could enable an attacker to crash the program and potentially run malicious code, the company says.
Oracle also is warning of a less serious flaw, a buffer overflow, in its database server. This flaw could enable an attacker to run malicious code on an unpatched system. However, Oracle says the flaw is unlikely to be exploited by a remote attacker; the greatest risk is that the system will be attacked by a corporate insider. Oracle has ranked this flaw as a low risk.
Oracle has detailed information on these vulnerabilities and patches to fix the flaws available here.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of October 9, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."