At stake are Cross-Site Scripting, Denial of Service, Password Disclosure and User Creation attacks.
Onapsis, billed as the global experts in business-critical
application security, has released new security advisories detailing
vulnerabilities in Oracle E-Business Suite and Oracle JD Edwards.
The advisories include three “critical risk” vulnerabilities for Oracle JD Edwards that
could be used to achieve administrative rights and potentially compromise the
entire JDE landscape.
According to Onapsis, these vulnerabilities pose a
potential risk to Oracle JD Edwards customers who use JD Edwards 9.1
EnterpriseOne Server software to run their business.
For those who are unfamiliar, Oracle
E-Business Suite manages critical information such as Financial, Human
Resources and Customer data, Project Portfolio Management, Procurement, and
Supply Chain Management, while Oracle's JD Edwards EnterpriseOne is an
integrated applications suite of comprehensive enterprise resource
planning software that combines business value, standards-based
technology, and deep industry experience into a business solution with a low
total cost of ownership.