Security Advisory



CVE-2022-21500 Analysis and Recommendations

Oracle released an out-of-cycle security alert on May 19, 2022 for Oracle E-Business Suite (EBS) to address an information disclosure security vulnerability. The vulnerability is being actively exploited in externally accessible Oracle EBS...

Log4j Vulnerabilities Impact On Oracle E-Business Suite Analysis

Multiple significant security vulnerabilities (CVE-2021-44228, CVE-2021-45046, and CVE-2021-4104) have been disclosed and patched in the popular Java logging library Apache Log4j.  This library is installed in Oracle E-Business Suite (EBS)...

Oracle EBS SYS.DUAL PUBLIC Privileges Security Issue Analysis (CVE-2015-0393)

Oracle E-Business Suite environments may be vulnerable due to excessive privileges granted on the SYS.DUAL table to PUBLIC.  This security issue has been resolved in the January 2015 Oracle Critical Patch Update (CPU) and has been assigned the...

SSLv3 POODLE (CVE-2014-3566) Vulnerability and Oracle E-Business Suite Impact

Oracle E-Business Suite environments may be vulnerable to the recently disclosed “POODLE” SSLv3 vulnerability (CVE-2014-3566) depending on where SSL termination is performed for the application.  Integrigy believes this to be a low to medium...

Oracle E-Business Suite is Vulnerable to Bash Shellshock (CVE-2014-6271/CVE-2014-7169)

All Oracle E-Business Suite environments are vulnerable to the “Shellshock” Bash vulnerabilities (CVE-2014-6271 and CVE-2014-7169) if the underlying operating system has not been patched for these vulnerabilities.  Integrigy believes this to be...

OpenSSL Heartbleed (CVE-2014-0160) and Oracle E-Business Suite Impact

Oracle E-Business Suite environments may or may not be vulnerable to the “Heartbleed” OpenSSL vulnerability (CVE-2014-0160) depending on the deployment architecture.  Oracle has released guidance in Oracle Support Note ID 1645479.1 “OpenSSL...

FND_GFM Vulnerability



A coding error in the FND_GFM database package permits anyone access to execute any SQL statements or database packages under the APPS account. Integrigy Security Advisory...

Tags
Oracle E-Business Suite
Security Advisory


Oracle Database Buffer Overflows and Oracle Applications



Several buffer overflows have been discovered in the Oracle database. These buffer overflows can be exploited from within the Oracle E-Business Suite. All Oracle E-Business Suite implementations should apply the patches described in Oracle...

Tags
Oracle E-Business Suite
Security Advisory


Using Database Functions in SQL Injection Attacks



Many web applications are vulnerable to SQL injection attacks that make use of database functions. Any dynamic SQL statement that uses un-validated end-user string input can be exploited by this type of SQL injection attack. This specific type of...

Tags
Oracle E-Business Suite
Security Advisory


Oracle Database Function Buffer Overflows – Additional Information



Buffer overflows have been discovered in a number of Oracle standard database functions. An attacker can readily exploit these buffer overflows to gain unauthorized access to the database server or cause a denial of service attack against...

Tags
Oracle E-Business Suite
Security Advisory


Copyright © 2025 Integrigy Corporation. All rights reserved.