Home
Tech
Thousands of Oracle NetSuite ERP websites found to be leaking private customer information

Thousands of Oracle NetSuite ERP websites found to be leaking private customer information

Researchers have discovered a vulnerability in Oracle Netsuite's SuiteCommerce e-commerce platform that could allow threat actors to steal sensitive data from websites.

An AppOmni report revealed that the vulnerability stems from misconfigured access controls in SuiteCommerce instances, specifically within custom record types (CRTs) – tables created by SuiteCommerce enterprise customers.

These tables often contain important customer data as well as information about business transactions. Criminals who gain access to this data can steal customer addresses, phone numbers, order history, and more.

Working on a solution

AppOmni researchers said the vulnerability could put many small and mid-sized businesses at risk, as they rarely have the resources to identify and address bugs like this one.

The good news is that NetSuite has already acknowledged AppOmni’s findings and is said to be working on a patch. It has also told all SuiteCommerce users to review their security settings and apply the suggested best practices, as that is the proper way to protect CRTs against threat actors and other unauthenticated users.

“During my time researching SaaS security, it has become clear to me that unauthenticated data exposure via SaaS applications is one of the top threats to enterprises,” Aaron Costello, head of SaaS security research at AppOmni, wrote in his analysis. “Furthermore, as vendors introduce increasingly complex features into their products to remain competitive, these risks will become more prevalent.”

Costello believes organisations will struggle to address these issues as they are often discovered “simply through bespoke investigations”, which many companies do not have the time or money to do.

Subscribe to the TechRadar Pro newsletter for the top stories, opinions, features and guidance your business needs to succeed.

This, he says, is particularly true for large enterprises “that have deployed multiple enterprise SaaS applications to meet multiple demands across their lines of business.”

More from TechRadar Pro

You may also like...

Massive Amazon Presidents' Day Sale: 19 Best Deals to Shop Before It Ends Tonight

Published: February 19, 20248:12 pmUpdated: 8:13 pm
Author admin

NYT Strands Today: Hints, Answers, and Spangram for Thursday, June 20 (Game #109)

Published: June 20, 20241:33 am
Author admin

Epic Memorial Day deal knocks $1,000 off stunning Samsung S90C OLED TV

Published: May 24, 202410:04 pm
Author admin

UK MPs' email passwords stolen and sold on dark web

Published: May 31, 20243:40 am
Author admin

This DJI dron-in-Box solution can work in a violent storm of force 11 and land in a moving vehicle

Published: March 2, 202512:55 am
Author admin

NYT Strands Today: Clues, Answers, and Spangram for Wednesday, August 14 (Game #164)

Published: August 13, 202411:24 pmUpdated: 11:25 pm
Author admin

Advertisement

Latest Tech News

The EVO-X2 will be the fourth PC to present the Max+ 395 with 128 GB of RAM and, as its peers, it will not be cheap
Published: April 4, 20258:18 pm
Author admin

Google messages will finally improve in the management of your long text messages
Published: April 4, 202510:16 amUpdated: 10:17 am
Author admin

Android Auto's last update could convert the cameras of your car into a free board
Published: April 4, 202512:15 am
Author admin

The GSMA Board chooses Ralph Mupita as a new attached chair
Published: April 3, 20252:14 pm
Author admin

Nikon presents the Z5 II camera without a full -box mirror: the input level only improves and more expensive
Published: April 3, 20254:13 am
Author admin

Popular Tech News

Quordle Today: Hints and Answers for Monday, January 1 (Game #707)
Published: January 1, 202412:51 am
Author admin

Samsung Galaxy S24 Ultra could come with a big video recording update
Published: January 1, 202411:01 am
Author admin

New Nothing Phone 2a leaks include images, prices, colors and specifications
Published: January 1, 20243:05 pm
Author admin

New year, new TV: LG’s C2 OLED drops to a whopping $1,399 price at Amazon
Published: January 1, 20247:09 pm
Author admin

Amazon’s massive New Year’s sale is on: here are the 29 best deals to shop right now
Published: January 1, 20249:11 pm
Author admin

Follow Us
twitter
facebook
Archives

April 2025

March 2025

February 2025

January 2025

December 2024

November 2024

October 2024

September 2024

August 2024

July 2024

June 2024

May 2024

April 2024

March 2024

February 2024

January 2024

December 2023

November 2023

October 2023

August 2023

July 2023

June 2023

May 2023

April 2023

March 2023

February 2023

January 2023

December 2022

November 2022

October 2022

July 2022

May 2022

November 2021

August 2021

March 2021

August 2020