Oracle has warned of two serious security vulnerabilities in its E-Business Suite product.
If left unaddressed, the vulnerabilities could allow an attacker to run malicious code on an E-Business Suite server or view product configuration information.
A buffer overflow vulnerability in an E-Business Suite component called FNDWRR could let an attacker cause that program to crash, Oracle said.
FNDWRR is a Common Gateway Interface (CGI) program that lets customers view Oracle reports and log files through a Web browser, according to an alert released by Integrigy, the security research firm that discovered the vulnerabilities.
Attackers could use a Web browser and specially crafted Uniform Resource Locators (URLs) to trigger the buffer overflow, crippling FNDWRR.
Attacks against FNDWRR would not disable the E-Business Suite product, Oracle said.
But Integrigy warned that the vulnerabilities could allow attackers to run malicious code on the server running E-Business Suite.