Oracle patched vulnerabilities that allow potential attackers to access a company’s entire enterprise resource planning solution, but research reports that 50% of over 21,000 organizations that use Oracle EBS for financial management, supply chain management, customer relationship management, and more have not yet deployed the patches. The patches were released in April after they were caught by Onapsis Research Labs.
The Oracle EBS flaws had CVSS scores of 9.9 out of 10 and could enable threat actors to avoid detection while printing bank chacks and making fund transfers online. Onapsis stated that there are at least 10,000 organizations at risk, and that systems exposed to the internet and those on the internal network are equally vulnerable to attack.
Read More: Thousands of Enterprises At Risk Due to Oracle EBS Critical Flaws