July 18, 2007 -- (WEB HOST INDUSTRY REVIEW) -- Data security and compliance solutions provider Imperva (imperva.com) announced on Tuesday that its Application Defense Center has discovered a cross site scripting vulnerability that affects the Oracle E-Business Suite.
Level 1 PCI DSS Certified Service Provider! DataPipe delivers the best network & support; top tier data centers; New York metro, Silicon Valley, London, Hong Kong, Shanghai. DataPipe - Personal Touch, Global Reach.
Imperva ADC says this vulnerability can be exploited for stealing sensitive data and executing phishing attacks and data can be stolen from users of the business suite, whether they are employees of the organization that deploys EBS or partners that access it in a self-service mode.
As a result, Oracle has released a critical patch update that addresses the vulnerability but Imperva says its SecureSphere database security gateway and Web application firewall appliances can help protect Oracle products against this flaw until it is patched.
