Oracle to fix 167 vulnerabilities, including serious backdoor-like flaw
Renowned database security expert David Litchfield discovered the issue last year on a client's system and at first he thought it was a backdoor left behind by an attacker.
"On investigation, it turns out the 'backdoor' is part of a seeded installation!" he said Monday on Twitter. "I was flabbergasted. Still am."
In a pre-announcement about its quarterly Critical Patch Update expected today, Oracle said that 10 vulnerabilities will be fixed in E-Business Suite, six of which can be exploited remotely without authentication. The highest score for the E-Business Suite vulnerabilities that will be patched is 6.4 in the Common Vulnerability Scoring System (CVSS), according to the company. That doesn't sound too bad, considering that the CVSS scale goes to 10.