Oracle has issued a critical security patch for its E-Business Suite software two months ahead of the company’s next scheduled security update.
The patch fixes a number of vulnerabilities in the Oracle Diagnostics troubleshooting component of E-Business Suite 11i.
The problems are understood to relate to Oracle Diagnostics web pages and to Java classes included with the software, which could be used inappropriately by an attacker. According to software consulting firm Integrity, the issue is that some of the Oracle Diagnostics can be executed without any authentication.
Oracle has been issuing quarterly security updates for about a year, and the latest vulnerability is believed to be serious enough to have prompted the company to issue this patch early and to speed up its adoption. Oracle’s next security update is scheduled for 18 April.
Not so long ago, Oracle’s security would have been a non-issue among the security community. Now, its applications are under the spotlight, and will be for some time until the company is seen to be more overtly security-focused.