Oracle E-Business Suite (EBS) critical vulnerabilities from earlier this year are presenting new risk, despite Oracle issuing fixes and thousands of organizations that have not applied the patches remain at risk.
With over 21,000 organizations across the globe using Oracle EBS, Onapsis estimates that over 50% of Oracle EBS customers have not deployed the patches necessary to protect their systems, leaving thousands of organizations at risk. Two attack scenarios involving these vulnerabilities are detailed in the videos below. The first could leave you vulnerable to a malicious user gaining control of your Oracle E-Business Suite, resulting in a user rerouting invoice payments to an attacker’s bank account, leaving no trace. In the second example, a malicious user would be able to create and print forged bank checks through the Oracle EBS check printing process, with the ability to then disable and erase audit logs to hide the activity. Together, these two major vulnerabilities are dubbed the PAYDAY attack scenarios and could be detrimental to your business if you have not patched your system correctly.
Watch the videos below for more information on these attack scenarios and on patching your Oracle EBS system and keeping your organization safe and secure. Learn more by downloading our Oracle EBS PAYDAY vulnerabilities threat report.
ORACLE EBS PAYDAY: MANIPULATING WIRE TRANSFERS
ORACLE EBS PAYDAY: PRINTING APPROVED CHECKS