Thousands of Oracle NetSuite ERP websites found leaking private customer information

0
11

Researchers have discovered a vulnerability in Oracle Netsuite’s SuiteCommerce ecommerce platform that could allow threat actors to steal sensitive data from websites.

A report from AppOmni revealed the vulnerability comes from misconfigured access controls in SuiteCommerce instances, specifically within custom record types (CRTs) – tables created by the SuiteCommerce enterprise customers.

LEAVE A REPLY

Please enter your comment!
Please enter your name here