Flaws could be used to compromise database app, OS Using the National Cyber Alert System, the U.S. Department of Homeland Security this week warned users of critical vulnerabilities in Oracle Corp.’s E-Business Suite 11i and Oracle 11 applications.The flaws were found for the DHS by Chicago-based security firm Integrigy Corp.The alert, which was posted by the U.S. Computer Emergency Readiness Team, warned that the vulnerability in the E-Business suite could allow an unauthorized attacker to execute arbitrary script on a vulnerable database system. “Exploitation may lead to compromise of the database application, data integrity or underlying operating system,” according to the alert. All releases of Oracle Applications 11.0 and Oracle E-Business Suite Release 11i and 11.5.1 through 11.5.8 are vulnerable to SQL injection vulnerabilities, Oracle said. Oracle E-Business Suite Release 11.5.9 and later versions aren’t vulnerable, according to the alert. All operating systems on which the Oracle software runs are vulnerable to attack using the exploits.Oracle has issued a patch for the holes; more information is available at http://otn.oracle.com/deploy/security/pdf/2004alert67.pdf SecuritySoftware DevelopmentPatch Management SoftwareCareers