Six Unpatched Flaws in Oracle Database Products
Ryan Naraine writes in eWeek:
A German database security outfit on Tuesday went public with information on six unpatched vulnerabilities—some rated critical—in Oracle Forms and Oracle Reports, two widely deployed enterprise-facing products.
Red-Database-Security GmbH, a company that specializes in Oracle security audits, warned that the most serious flaw could allow a malicious hacker to use a Web browser to overwrite any file on a vulnerable application server.
Alexander Kornbrust, founder and CEO of Red-Database-Security, said three of the flaws are deemed "critical" because of the high risk they present to businesses using the affected products.
In an interview with Ziff Davis Internet News, Kornbrust said he decided to publicly release the information after waiting more than 700 days for Oracle to address the issues.
0 Comments:
Post a Comment
<< Home