Imperva Discovers Oracle Flaw in Patch

Imperva discovers and helps Oracle address security vulnerability in E-Business Suite

July 17, 2007

1 Min Read
Network Computing logo

FOSTER CITY, Calif. -- WHO:Imperva Application Defense Center (ADC)

WHAT:Discovered a Cross Site Scripting (XSS) vulnerability that affectsthe Oracle E-Business Suite (EBS). This vulnerability can be exploited for stealing sensitive data and executing Phishing attacks. More specifically, data can be stolen from users of the business suite, whether they are employees of the organization that deploys EBS or partners that access it in a self-service mode. Oracle released a Critical Patch Update today that addresses this vulnerability and others. Imperva SecureSphere Database Security Gateway and Web Application Firewall appliances automatically protect Oracle products against this flaw until it is patched. These protection capabilities are outlined in the Imperva Security Advisory entitled "Oracle EBS - XSS Vulnerability".

WHERE:The Oracle Critical Patch Update is located at: Imperva Security Advisory is available at:

WHEN:Oracle released the Critical Patch Update today, July 17th, 2007.

HOW:ADC conducts ongoing research into database security issues, anddiscovered this vulnerability during an in-depth analysis of Oracle E- Business Suite. ADC's research findings are used to enhance the SecureSphere product line with next generation attack detection and protection features.

Imperva Inc.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights