Thousands of Oracle NetSuite Sites at Risk of Customer Data Exposure

SeniorTechInfo

Aug 20, 2024 | Ravie Lakshmanan | Enterprise Security / Data Breach

Cybersecurity researchers have uncovered a critical vulnerability affecting thousands of Oracle NetSuite e-commerce sites, putting sensitive customer information at risk.

According to AppOmni’s Aaron Costello, a misconfiguration in NetSuite’s SuiteCommerce platform could expose full addresses and mobile phone numbers of registered customers on these sites.

However, the issue isn’t a flaw in the NetSuite product itself but rather a result of customer misconfigurations.

The attack exploits custom record types (CRTs) with improper access controls, allowing unauthorized access to data through NetSuite’s APIs.

To prevent data exposure, administrators are advised to tighten access controls on CRTs, restrict access to sensitive fields, and consider temporarily taking affected sites offline.

Meanwhile, Cymulate has disclosed a method to bypass authentication in Microsoft Entra ID, posing a risk to hybrid identity infrastructures.

The vulnerability allows attackers with admin access to authenticate without passwords, potentially granting unauthorized privileges within the tenant.
