{"id":31930,"date":"2019-11-20T21:52:00","date_gmt":"2019-11-20T21:52:00","guid":{"rendered":"https:\/\/www.darkreading.com\/application-security\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/d\/d-id\/1336421"},"modified":"2019-11-20T21:52:00","modified_gmt":"2019-11-20T21:52:00","slug":"patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/","title":{"rendered":"Patch &#8216;Easily Exploitable&#8217; Oracle EBS Flaws ASAP: Onapsis"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<header>\n<\/header>\n<p><span class=\"strong black\">Organizations that have not yet applied a pair of months-old critical patches from Oracle for E-Business Suite are at risk of attacks on their financial systems, the application security firm says.<\/span> <\/p>\n<p class=\"p1\">Two highly critical vulnerabilities in Oracle&#8217;s E-Business Suite could put firms who haven&#8217;t patched the flaws at risk of their systems getting hacked for illicit payments and other financial fraud.<\/p>\n<p class=\"p1\">Exploitation of the vulnerabilities could allow, for examples, an attacker to create a supplier in the system, add a bank account, and then issue payments to that supplier \u2014 all without approvals, according to cybersecurity firm Onapsis, which issued an advisory today that details the possible exploitation techniques attackers could employ against the EBS vulnerabilities.<\/p>\n<p class=\"p1\">Oracle fixed the EBS issues in its April 2019 critical patch update, but companies are often slow to apply such fixes, because they cannot risk disruption to their enterprise resource planning (ERP) software, a critical component of operations, says Juan-Perez Etchegoyen, chief technology officer for Onapsis.<\/p>\n<p class=\"p1\">The vulns, which affect two components of Oracle&#8217;s EBS, are &#8220;easily exploitable,&#8221; according to the official description in the National Vulnerability Database.<\/p>\n<p class=\"p1\">&#8220;We don&#8217;t have any numbers, but we know that customers tend to take months to years to apply (ERP software) patches \u2014 that is a reality for ERP customers,&#8221; he says. &#8220;They need to get into a more frequent cadence, because otherwise it is just too slow.&#8221;.<\/p>\n<p class=\"p2\">The issues are the latest to plague enterprise resource planning (ERP) software, highly complex platforms that are often critical to business operations. The platforms have often been only used on-premise, with Internet capabilities added afterwards, <a href=\"https:\/\/www.darkreading.com\/application-security\/us-cert-warns-of-erp-application-hacking\/d\/d-id\/1332390\" target=\"_blank\" rel=\"noopener noreferrer\">exposing them to threats<\/a>.<\/p>\n<p class=\"p1\">Onapsis, a provider of cybersecurity for enterprise applications, highlighted the issue more than 18 months ago, informing Oracle and then working withe company to fix the issues, Etchegoyen says. The company only released public information on the issue on Nov. 20, after Oracle customers were given time to patch.<\/p>\n<p class=\"p1\">The flaws \u2014 one in Oracle&#8217;s General Ledger component (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-2638\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2019-2638<\/a>) and another in Oracle Work in Progress component (<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-2633\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2019-2633<\/a>)&nbsp; exploit Oracle&#8217;s Thin Client Framework (TCF), which is installed by default on E-Business Suite systems. Anywhere from 15,000 to 21,000 companies, mostly small businesses but also including businesses with more than 10,000 employees, use the software. At least 1,500 companies also expose the software directly to the Internet, Etchegoyen says.<\/p>\n<p class=\"p1\">&#8220;We waited for a few months to issue a public notice, because it is such a great risk,&#8221; he says. &#8220;If the system is accessible to a Web browser, then it is totally exposed. We decided to go public and increase the awareness.&#8221;<\/p>\n<p class=\"p1\"><strong>&#8216;Full Control&#8217;<\/strong><\/p>\n<p class=\"p1\">&#8220;Successfully exploiting any of these vulnerabilities could lead to full control over the entire Oracle EBS system,&#8221; the company <a href=\"https:\/\/www.onapsis.com\/blog\/oracle-payday-vulnerabilities\" target=\"_blank\" rel=\"noopener noreferrer\">stated in its alert<\/a>. &#8220;An attacker with this type of access could be detrimental in any application, but represents the worst case scenario when an ERP system is attacked.&#8221;&nbsp;<\/p>\n<p class=\"p1\">Because the vulnerabilities are in components that cannot be disabled, patching the system is critical.&nbsp;<\/p>\n<p class=\"p2\">Onapsis notified Oracle of the security issues affecting the Thin Client Framework in September 2017, and the company issued a Critical Patch Update (CPU) fixing the issues on April 2018. By December 2018, Onapsis had found more vulnerabilities and a way of bypassing one of the previous patches, according to the company&#8217;s advisory.<\/p>\n<p class=\"p1\">&#8220;Even though multiple bugs were fixed, starting with the April 2018 CPU up to the most recent CPU, the most critical patches have a CVSS score of 9.9,&#8221; the advisory stated. &#8220;All of them could be exploited remotely and, depending on the patch applied, by an unauthenticated attacker.&#8221;<\/p>\n<p class=\"p1\">The company expects that many businesses have not installed the patches, because ERP systems are often critical enough that the firms do not want a misstep.<\/p>\n<p class=\"p1\">&#8220;In our experience, we see this as an industry problem,&#8221; Etchegoyen says. &#8220;Because the data is so critical, and often customized, changing or updating or applying patches can be a significant challenge for organizations.&#8221;<\/p>\n<p class=\"p1\">Still, companies should not wait any longer and apply the fixes, he says.<\/p>\n<p class=\"p3\"><strong>Related Content<\/strong><\/p>\n<p class=\"p2\"><em><strong>Check out<\/strong> <a href=\"https:\/\/www.darkreading.com\/Edge.asp\"><strong>The Edge<\/strong><\/a><strong>, Dark Reading&#8217;s new section for features, threat data, and in-depth perspectives. Today&#8217;s top story: &#8220;<\/strong><a href=\"https:\/\/www.darkreading.com\/edge\/theedge\/how-medical-device-vendors-hold-healthcare-security-for-ransom\/b\/d-id\/1336388\"><strong>How Medical Device Vendors Hold Healthcare Security for Ransom<\/strong><\/a><strong>.'&#8221;<\/strong><\/em><\/p>\n<p><span class=\"italic\">Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT&#8217;s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=1161\">View Full Bio<\/a><\/span> <\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p> Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/d\/d-id\/1336421?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Organizations that have not yet applied a pair of months-old critical patches from Oracle for E-Business Suite are at risk of attacks on their financial systems, the application security firm says. Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/d\/d-id\/1336421?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-31930","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Patch &#039;Easily Exploitable&#039; Oracle EBS Flaws ASAP: Onapsis 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Patch &#039;Easily Exploitable&#039; Oracle EBS Flaws ASAP: Onapsis 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-11-20T21:52:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Patch &#8216;Easily Exploitable&#8217; Oracle EBS Flaws ASAP: Onapsis\",\"datePublished\":\"2019-11-20T21:52:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/\"},\"wordCount\":753,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/\",\"name\":\"Patch 'Easily Exploitable' Oracle EBS Flaws ASAP: Onapsis 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"datePublished\":\"2019-11-20T21:52:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/#primaryimage\",\"url\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Patch &#8216;Easily Exploitable&#8217; Oracle EBS Flaws ASAP: Onapsis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Patch 'Easily Exploitable' Oracle EBS Flaws ASAP: Onapsis 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/","og_locale":"en_US","og_type":"article","og_title":"Patch 'Easily Exploitable' Oracle EBS Flaws ASAP: Onapsis 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-11-20T21:52:00+00:00","og_image":[{"url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Patch &#8216;Easily Exploitable&#8217; Oracle EBS Flaws ASAP: Onapsis","datePublished":"2019-11-20T21:52:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/"},"wordCount":753,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/","url":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/","name":"Patch 'Easily Exploitable' Oracle EBS Flaws ASAP: Onapsis 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","datePublished":"2019-11-20T21:52:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/#primaryimage","url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","contentUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/patch-easily-exploitable-oracle-ebs-flaws-asap-onapsis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Patch &#8216;Easily Exploitable&#8217; Oracle EBS Flaws ASAP: Onapsis"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/31930","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=31930"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/31930\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=31930"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=31930"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=31930"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}