Oracle Security Flaws: A Cause for Concern?

November 4th, 2011 by Fred Donovan
+45.48%
Upside
26.68
Market
38.81
Trefis
ORCL
Oracle
Rate   |   votes   |   Share

Oracle (NASDAQ:ORCL) plugged a record 76 security holes in hundreds of its products in October, leaving some to wonder how secure the company’s products really are. The company reported that most of these flaws could be exploited by hackers without authentication.  [1] These security issues haven’t impacted investor or customer confidence so far, but should further, more serious security issues arise we believe it could negatively affect the company’s ability to gain share in markets such as the database and middleware markets in which it competes with companies such as SAP (NYSE:SAP) and Microsoft (NASDAQ:MSFT).

See the Full Trefis Analysis for Oracle’s Stock Here

Most flaws aren’t serious, but a few could have catastrophic effects

For the first time, the company released its critical patch update and Java SE critical patch update at the same time. A full 56 security flaws were patched in products such as Oracle Database, Fusion Middleware, Application Server, Business Intelligence Enterprise Edition, Identity Management and the E-Business Suite. The remaining 20 patches were for flaws in Java SE and JRocket, which was added to the Java SE update. Oracle said 19 of these flaws could be exploited by hackers remotely without authentication.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply [critical patch update] fixes as soon as possible”, the company stressed in its advisory. Amichai Shulman, chief technology officer at Imperva, said that Oracle’s critical patch scoring system downplays vulnerabilities, particularly for its database product. “For example, the highest vulnerability is 6.5 out of 10… but this one should probably be higher because: the effect is practically a full takeover of the database server” and he mentions that another defense flaw is “probably a SQL injection vulnerability which is relatively easy to exploit and could lead to a catastrophic dump of the database’s contents.” [2]

Trefis estimates are unchanged, but further flaws could change that

So far, security concerns about Oracle’s products have not dampened enthusiasm for the stock price, which has been on a steady rise since mid-August, when it dipped below $25 per share. These issues do not change the $40 Trefis price estimate for Oracle’s stock unless more serious security issues arise. In fact the Trefis estimates are being revisited in light of the company’s acquisitions of Endeca Technologies, which will bolster its big data analysis tools, and RightNow, which will expand its cloud-based offerings.

Understand How a Company’s Products Impact its Stock Price at Trefis

This article was submitted as part of our Trefis Contributors program. Email us at contributors@trefis.com if you’re interested in participating.

Notes:
  1. Oracle Critical Patch Update, Company Release, October 2011 []
  2. Oracle’s Q3 CPU Release, Imperva, Oct 2011 []
Rate   |   votes   |   Share

Comments

Name (Required)
Email (Required, but never displayed)
SUBMIT
Be the first to comment!

People Who Read This Also Read