By Kelly Jackson Higgins
Researchers today issued security advisories for eight vulnerabilities, some of them critical, in a popular Oracle enterprise resource planning (ERP) application — but they don’t expect many users to actually apply the patches for them.The flaws discovered by researchers at security firm Onapsis range from holes that could allow an attacker to access all business information and files, query for passwords, and alter business information processed by the ERP, basically taking complete control of the system. Patches for the vulnerabilities were included in Oracle’s latest Critical Patch Update release, and these are the first public details of the flaws. Continue reading New Oracle ERP Vulnerabilities Unmasked
Summary: The most serious of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Oracle’s first batch of critical patch updates for 2012 will be super-sized: 79 new security vulnerability fixes across hundreds of Oracle products.
The security fixes, scheduled for next Tuesday (January 17, 2012), will cover holes in the flagship Oracle Database 11g, Oracle Fusion Middleware 11g, Oracle Application Server 10g and numerous additional products and components. Continue reading Oracle to patch 79 DB server vulnerabilities