Computerworld - Using the National Cyber Alert System, the U.S. Department of Homeland Security this week warned users of critical vulnerabilities in Oracle Corp.'s E-Business Suite 11i and Oracle 11 applications.
The flaws were found for the DHS by Chicago-based security firm Integrigy Corp.
The alert, which was posted by the U.S. Computer Emergency Readiness Team, warned that the vulnerability in the E-Business suite could allow an unauthorized attacker to execute arbitrary script on a vulnerable database system. "Exploitation may lead to compromise of the database application, data integrity or underlying operating system," according to the alert.
All releases of Oracle Applications 11.0 and Oracle E-Business Suite Release 11i and 11.5.1 through 11.5.8 are vulnerable to SQL injection vulnerabilities, Oracle said. Oracle E-Business Suite Release 11.5.9 and later versions aren't vulnerable, according to the alert. All operating systems on which the Oracle software runs are vulnerable to attack using the exploits.
Oracle has issued a patch for the holes; more information is available online (download PDF).
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
