Oracle E-Business Suite Flaws Let Hackers Hijack Business Operations
2020-06-16 05:30

If your business operations and the security of sensitive data rely on Oracle's E-Business Suite, make sure you have recently updated and are running the latest available version of the software.

It's worth noting that the BigDebIT attack vectors add to the already reported PAYDAY vulnerabilities in EBS discovered by Onapsis three years ago, following which Oracle released a series of patches as late as April 2019.

Targeting General Ledger for Financial Fraud

Tracked as CVE-2020-2586 and CVE-2020-2587, the new flaws reside in its Oracle Human Resources Management System in a component called Hierarchy Diagrammer that enables users to create organization and position hierarchies associated with an enterprise.

Oracle General Ledger is an automated financial processing software that acts as a repository of accounting information and is offered as part of E-Business Suite, the company's integrated suite of applications - spanning enterprise resource planning, supply chain management, and customer relationship management - that users can implement into their own businesses.

The Importance of Patching Critical Software

Given the financial risk involved, it is highly recommended that companies using Oracle EBS run an immediate assessment to ensure they are not exposed to these vulnerabilities, and apply the patches to fix them.

"If organizations have internet-facing Oracle EBS systems, the potential threat likelihood would be significantly magnified. Organizations under attack will be unaware of the attack and not know the extent of the damage until evidence is found by a very extensive internal or external audit."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/ymN0bZ7Q76Q/oracle-e-business-suite.html

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-01-15 | CVE-2020-2586 | Unspecified vulnerability in Oracle Human Resources. Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). | network, low complexity, oracle, critical, 9.9
2020-01-15 | CVE-2020-2587 | Unspecified vulnerability in Oracle Human Resources. Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). | network, low complexity, oracle, critical, 9.9

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Oracle 781 388 3148 2078 432 6046