A security vulnerability in Oracle’s
E-Business Suite could put users at risk of arbitrary script execution, according to a warning from the U.S. Computer Emergency Response Team (US-CERT).
In an advisory issued late Tuesday, US-CERT said an unauthenticated attacker could exploit the flaw to execute arbitrary SQL statements on the vulnerable system with the privileges of the Oracle server process. “In addition to compromising the integrity of the database information, this may lead to the compromise of the database application and the underlying operating system,” the group cautioned.
The vulnerability affects Oracle Applications 11.0 (all releases) and Oracle E-Business Suite 11i and 11.5.1 through 11.5.8.
The Oracle E-Business Suite is a set of widely deployed applications and modules used by enterprises to manage customer activity and deliver services like product shipment, payment collection and other database-driven tasks.
The company has patches to fix the problems.