Imperva Alerts of Vulnerabilities in Oracle Software

A bunch of vulnerabilities in Oracle software that were patched on July 15, 2009 poses serious risks; therefore, data security firm 'Imperva' is advising every Oracle user to patch his/her programs at the earliest, as reported by SecurityWatch on July 15, 2009.

Amichai Shulman, Chief Technology Officer, Imperva, said - Oracle has developed 33 security patches to repair its products. 10 of 33 security patches plug holes in its database server utility, suggesting how serious the problem is, as reported by SecurityWatch on July 15, 2009.

The CTO further said that the problem could lead to serious consequences; for instance - if organizations did not apply the patches, then it could lead them into experiencing leakage of consumer account data like debit/credit cards details to unexpected hackers accessing computers remotely.

In other words, hackers or online criminals using malicious codes such as computer trojans or other malware could effortlessly gain unauthorized access to an organizations' data.

Shulman pointed out that of the total vulnerabilities, two within the Secure Backup application of Oracle received 9.0 and 10.0 marks out of an aggregate of 10.0 on the CVSS scale of threat scoring. The JRockit vulnerability also earned a 10.0 mark.

Moreover, Oracle's security bulletin contains 5 new patches that address flaws in its BEA WebLogic server.

It patches two vulnerabilities within Oracle Application Server, exposing the HTTP Server and the Security Developer Tools of Oracle to attack. Hackers could remotely exploit these vulnerabilities without any verification or even exploit them through a network, devoid of a username and password, Oracle stated.

Continuing further, Shulman said that the flaws imply a hacker could view the database devoid of logging into the system or fulfilling authentication, implying that the system administrator could miss detecting a major assault.

In other words, malware might be planted on an organization's database allowing remote transmission of the data to somewhere else with no knowledge about it to the IT department, or if the data scanner is not turned on. Malware is easily infiltrating the organization's database, sufficiently allowing spread of the same through the organization's own network.

Related article: Inappropriate IT Decisions Leads to Security Dangers

» SPAMfighter News - 8/5/2009