X
Business

Update fixes numerous Oracle security bugs

Database vendor Oracle has corrected a number of serious security bugs with its latest quarterly update.Various versions of several Oracle offerings -- including its database, application server and E-Business Suite -- are affected by the update, according to the company's announcement.
Written by Renai LeMay, Contributor
Database vendor Oracle has corrected a number of serious security bugs with its latest quarterly update.

Various versions of several Oracle offerings -- including its database, application server and E-Business Suite -- are affected by the update, according to the company's announcement.

Security specialist Integrigy, which produces tools for a number of enterprise applications from vendors like Oracle and PeopleSoft, said in a statement the update would correct numerous security bugs.

Integrigy particularly focused on Oracle's E-Business Suite.

"A number of high-risk SQL injection and parameter manipulation security vulnerabilities in the Oracle E-Business Suite are corrected by the security patches released today," said Integrigy. "Customers with Internet-facing implementations of the Oracle E-Business Suite should consider applying these patches as soon as possible."

"It is possible that an attacker with only a Web browser and a network connection (either internally or externally) to Oracle E-Business Suite Web application servers can execute malicious SQL statements in the database as the APPS database account."

The company pointed out the E-Business Suite updates were not cumulative, adding that all previous updates would also need to be applied if users had not done so already.

Oracle's next update is scheduled for 18 October.

Editorial standards