Oracle has issued a patch to fix several bugs in its Hyperion Product Management financial consolidation and reporting application that could be remotely exploited by hackers.
Oracle's Proactive Support team announced the fixes, confirming that they address a number of flaws in the Hyperion Planning 22.214.171.124.x part of the application.
The company does not offer firm details about the patch to non-registered customers, and had not responded to V3's request for further details at the time of publishing.
However, TK Keanini, chief technology officer at Lancope, told V3 that the user base and nature of data handled within Hyperion mean customers should be concerned by the flaw.
"If you are running this software, it contains up-to-date business intelligence that you must keep secure. So if you are running this software it is incredibly important to keep it up to date and patched," he said.
"Ask yourself this: if the information in your Hyperion system was compromised and posted to the internet for all to see, would you be OK with that?
"The problem most companies face is that they sometimes don't know what is running on their network and this is problem number one that must be solved."
Keanini explained that companies should patch the remote access vulnerabilities as soon as possible, but added that he has yet to see any evidence of the flaws being actively exploited by hackers.
"This is not just one vulnerability but several. The CVEs that have remote access are the most important to fix first," he said.
"I have not [seen the flaws being exploited] but when data is published to the internet, it is not like attackers take the time to show their timeline and the provenance of the data.
"This is always interesting data but also a dangerous indicator because it is a lagging indicator at best."
The Hyperion patch is one of many critical fixes issued by Oracle this year. The firm released a critical update in January addressing 167 vulnerabilities across hundreds of its products, including Java.