Researchers have warned of a new vulnerability in NetSuite’s SuiteCommerce tool that could expose sensitive data.

Stemming from misconfigured access controls, the vulnerability leaves sensitive personally identifiable information (PII) exposed, including the full addresses and mobile phone numbers of customers.

The issue has already left several thousand live SuiteCommerce websites vulnerable, and the extent of the potential damage could be far-reaching.

“NetSuite is one of the world’s leading enterprise resource planning (ERP) systems and handles business-critical data for thousands of organizations,” AppOmni researcher Aaron Costello told ITPro.

“My research found that thousands of these organizations are leaking sensitive customer data to the public through misconfigurations in their access controls. The sheer scale at which I found these exposures to be occurring is significant,” he added.

https://www.itpro.com/security/netsuite-vulnerability-could-leave-thousands-of-websites-exposed