Oracle was informed about two critical security vulnerabilities in its E-Business Suite (EBS) that could give attackers full control over a company's enterprise resource planning (ERP) system. The vulnerabilities were discovered by Onapsis in December 2018, and Onapsis also helped create the patch that Oracle released in April 2019.
Oracle's vulnerabilities can lead to financial fraud:
The vulnerabilities have a Common Vulnerability Scoring System (CVSS) score of 9.9 out of 10. An attacker who successfully exploits them can print bank checks and make electronic funds transfers without being detected.
According to Onapsis' research team, 50% of Oracle EBS customers haven't installed the April patch, which leaves them vulnerable to attack. Onapsis estimates that as many as 10,000 organizations are at risk of financial fraud, and the worst part is that detecting it would be nearly impossible.
How can attackers use these vulnerabilities?
According to Onapsis, two ways attackers can leverage the flaws are:
- Attackers can change approved EFTs in the EBS system to reroute invoice payments to an attacker's bank account, without leaving any trace.
- An attacker can create and print bank checks using the Oracle EBS check-printing process, then disable and erase the audit log to cover their tracks.
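As an added defender-side example that is not from the article or from Onapsis, this is the kind of out-of-band reconciliation that catches the two abuses just described: each outgoing EFT instruction is compared against a snapshot of the payee account taken at approval time, and the audit log sequence is checked for gaps. Record layouts, table names and account numbers are constructed, not Oracle's schema.

```python
# Out-of-band reconciliation for EFT payment batches (constructed example).
# The approval-time snapshot is captured outside EBS so later edits inside
# the ERP cannot rewrite it. Record layouts and account numbers are
# illustrative, not Oracle's schema.
from dataclasses import dataclass

@dataclass(frozen=True)
class ApprovedInvoice:
    invoice_id: str
    amount_cents: int
    payee_account: str  # account on file when the invoice was approved

@dataclass(frozen=True)
class EftInstruction:
    invoice_id: str
    amount_cents: int
    dest_account: str  # account the payment file will actually pay

def find_rerouted(approved, batch):
    """Return invoice ids whose destination account or amount differs from
    the approval-time snapshot, or that have no approval record at all."""
    snapshot = {a.invoice_id: a for a in approved}
    flagged = []
    for instr in batch:
        ref = snapshot.get(instr.invoice_id)
        if (ref is None or ref.payee_account != instr.dest_account
                or ref.amount_cents != instr.amount_cents):
            flagged.append(instr.invoice_id)
    return flagged

def audit_gaps(seq_numbers):
    """Return sequence numbers missing from a supposedly contiguous audit
    log; a gap means entries were removed after they were written."""
    seen = set(seq_numbers)
    if not seen:
        return []
    return [n for n in range(min(seen), max(seen) + 1) if n not in seen]

# Constructed sample input: one rerouted payment, one unapproved payment,
# and an audit log with two entries deleted.
APPROVED = [
    ApprovedInvoice("INV-1001", 250_000, "GB00BANK00001111"),
    ApprovedInvoice("INV-1002", 98_000, "GB00BANK00002222"),
]
BATCH = [
    EftInstruction("INV-1001", 250_000, "GB00BANK00001111"),
    EftInstruction("INV-1002", 98_000, "GB00BANK99999999"),  # rerouted
    EftInstruction("INV-1003", 40_000, "GB00BANK00003333"),  # never approved
]
AUDIT_SEQ = [501, 502, 503, 506, 507]  # 504 and 505 are missing
```

Running `find_rerouted(APPROVED, BATCH)` flags INV-1002 and INV-1003, and `audit_gaps(AUDIT_SEQ)` reports the two deleted entries, which is the signal an in-ERP audit log can no longer give once an attacker has erased it.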
Attackers can also steal sensitive information:
Attackers can use the Oracle EBS vulnerabilities to gain access to personal and business financial information such as bank account and credit card details. They can also alter or delete that data and even carry out illegal transactions using the victim's account. Once this information is leaked, the attacker can exploit it in as many ways as they want.
The worst part is that once the attacker steals the money and information, there is no way for the enterprise to reverse the damage. Moreover, the only way to be safe from the attack is to either install the patch or delete the software.