Vulnerability in Oracle NetSuite's SuiteCommerce platform risks sensitive data leaks due to misconfigurations, affecting many small to medium-sized businesses.
A recent report from AppOmni has revealed an important security vulnerability within Oracle NetSuite’s SuiteCommerce platform, potentially exposing sensitive customer data. The issue stems from misconfigured access controls in custom record types (CRTs), which are tables used by SuiteCommerce enterprise customers to store crucial information.
The misconfigurations in CRTs can lead to unauthorized access, allowing attackers to extract sensitive details such as customer addresses, phone numbers, and order histories. This exposure is particularly concerning for small and medium-sized businesses, which may lack the resources to promptly address such security issues.
Oracle NetSuite has acknowledged the problem and is actively working on a fix. The company has advised all SuiteCommerce users to review their security settings and implement recommended best practices to secure their CRTs against unauthorized access.
Aaron Costello, Chief of SaaS Security Research at AppOmni, highlighted the growing risk of unauthenticated data exposure as SaaS applications become increasingly complex. He noted that many organizations struggle with these vulnerabilities due to the bespoke nature of security research and limited resources for remediation.