Oracle has patched a critical vulnerability in E-Business Suite that was actively exploited in data theft attacks by the Clop group.
This is a zero-day vulnerability, registered as CVE-2025-61882, which allows remote code execution on affected systems without authentication. The flaw is located in the Concurrent Processing component of Oracle E-Business Suite, in the integration with BI Publisher. According to Oracle, the vulnerability has a CVSS score of 9.8. An attacker can exploit it via the network without a username or password, BleepingComputer reports.
Read more…
Source: Techzine News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 19-Year Old WinRAR RCE Vulnerability Gets Micropatch Which Keeps ACE Support
February 22, 2019
A micropatch was released to fix a 19-year old arbitrary code execution vulnerability impacting 500 million users of the WinRAR compression tool and to keep ACE support after the app’s devs removed it when they patched the security issue. Nadav Grossman from Check Point Software Technologies was the one who originally found the ACE Path Traversal logical bug in the UNACEV2.DLL library written by ...
- Cisco’s warning: Patch this default Network Assurance Engine password bug
February 13, 2019
Cisco is urging customers to install an update that fixes a high-severity issue affecting its Network Assurance Engine (NAE) for managing data-center networks. The bug, tracked as CVE-2019-1688, could allow an attacker to use a flaw in the password-management system of NAE to knock out an NAE server and cause a denial of service. NAE is an ...
- Snapd Flaw Lets Attackers Gain Root Access On Linux Systems
February 13, 2019
Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed “Dirty_Sock” and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical, the maker ...
- Siemens Warns of Critical Remote-Code Execution ICS Flaw
February 12, 2019
Siemens has released 16 security advisories for various industrial control and utility products, including a warning for a critical flaw in the WibuKey digital rights management (DRM) solution that affects the SICAM 230 process control system. SICAM 230 is used for a broad range of industrial control system (ICS) applications, including use as an integrated energy system for ...
- Apple releases iOS 12.1.4, fixes iPhone FaceTime spying bug
February 7, 2019
Apple has released iOS 12.1.4. It’s a patch that fixes a bug that allowed users to spy on others by activating a group FaceTime call without the user’s consent. What made this bug so serious was how trivial it was to leverage, and it forced Apple to pull the plug on the feature at the server ...
- Flaw in Multiple Airline Systems Exposes Passenger Data
February 7, 2019
Researchers have discovered that multiple airline e-ticketing systems do not encrypt check-in links. The security faux pas could allow bad actors on the same network as the victim to view – and in some cases even change – their flight booking details or boarding passes. Security researchers at Wandera said that eight airlines have been sending ...