Oracle eBusiness Suite R12 security violation issue - Blog - Ahmed Baraka DBA

Ahmed Baraka DBA
Go to content

Main menu:

Oracle eBusiness Suite R12 security violation issue

Ahmed Baraka DBA
Published by in Oracle DBA ·
Today we have been informed about an Oracle eBusiness Suite security violation issue.
By knowing and entering a valid URL, a user is able to access pages that are out of their reach in terms of permissions. For example, accessing the HR system, a normal user should only be able to access their information on the pages granted to them, however, if the URL for the index of users within that system is known, a user is able to gain access to that page and view all of the users in that page, possibly even edit/delete/update information. 



No comments


Back to content | Back to main menu