The Onapsis Security Blog

Video: Oracle PAYDAY Vulnerabilities

Critical Oracle E-Business Suite (EBS) vulnerabilities from earlier this year are presenting new risk: although Oracle has issued fixes, thousands of organizations that have not applied the patches remain at risk.

With over 21,000 organizations across the globe using Oracle EBS, Onapsis estimates that over 50% of Oracle EBS customers have not deployed the patches necessary to protect their systems, leaving thousands of organizations at risk. Two attack scenarios involving these vulnerabilities are detailed in the videos below. The first could leave you vulnerable to a malicious user gaining control of your Oracle E-Business Suite, resulting in a user rerouting invoice payments to an attacker’s bank account, leaving no trace. In the second example, a malicious user would be able to create and print forged bank checks through the Oracle EBS check printing process, with the ability to then disable and erase audit logs to hide the activity. Together, these two major vulnerabilities are dubbed the PAYDAY attack scenarios and could be detrimental to your business if you have not patched your system correctly.

Watch the videos below for more information on these attack scenarios and on patching your Oracle EBS system and keeping your organization safe and secure. Learn more by downloading our Oracle EBS PAYDAY vulnerabilities threat report.

ORACLE EBS PAYDAY: MANIPULATING WIRE TRANSFERS

ORACLE EBS PAYDAY: PRINTING APPROVED CHECKS
