New Oracle security flaws facilitate data leaks according to Imperva

Burlington, MA & Redwood Shores, CA, (PresseBox) - The hacker attacks on Web sites in South Korea - which spilled over to selected US government sites last week - were almost certainly orchestrated by hackers sympathetic to North Korea, but the attacks could have been organised by anyone with a modest budget, says Imperva, the data security specialist.

A raft of Oracle security flaws - which were fixed on Wednesday of this week - are potentially serious and, as a result, Imperva, the data security specialist, is recommending that all users of Oracle's software products should patch their applications without delay.

According to Amichai Shulman, Imperva's chief technology officer, the fact that Oracle has issued 33 patches - 10 of which are sealing vulnerabilities in Oracle's database server offering - indicates the severity of the problem.

"The scale of the problem is such that, if companies do not patch, then they could end up leaking customer account data, including credit and debit card details, to hackers on remote access," he said.

"The patches affect Oracle's Application Server, Secure Backup, Identity Management, E-Business Suite, Enterprise Manager, WebLogic Server and JRockit, as well as PeopleSoft and Siebel tools," he added.

Shulman noted that two of the flaws in Oracle's Secure Backup earned scores of 9.0 and 10.0 - out of 10.0 - on the CVSS risk rating. The JRockit flaw also scored a 10.0.

Two vulnerabilities on the Oracle database server, he explained, are remotely exploitable without any authentication being required.

This is, he says, not unheard of but always interesting, as it indicates a vulnerability in the network protocol layer.

Shulman went on to say that these vulnerabilities mean a hacker can attack the database without authenticating to the system or logging in, meaning that a major attack could go undetected by the IT manager of the system concerned.

According to the Imperva CTO, the number of vulnerabilities in the Oracle eBusiness suite - one of the remotely exploitable flaws not requiring authentication - remains consistent with previous releases.

"Worryingly, since the eBusiness suite touches and transacts a lot of critical data - including the usual suspects such as social security numbers, debit/credit cards and so on - as well as important corporate information, including customer lists or financials, this could result in data leaking out without any knowledge on the part of the IT managers concerned," he said.

"It's very important, therefore, that anyone using Oracle products visit the software company's portal and update their applications, as a failure to patch could result in a very serious data leakage situation," he added.


Imperva Inc.

Imperva, the Data Security leader, enables a complete security lifecycle for business databases and the applications that use them. Over 4,500 of the world's leading enterprises, government organizations, and managed service providers rely on Imperva to prevent sensitive data theft, protect against data breaches, secure applications, and ensure data confidentiality. The award-winning Imperva SecureSphere is the only solution that delivers full activity monitoring from the database to the accountable application user and is recognized for its overall ease of management and deployment. For more information, visit
