Vulnerability Report: Information Exposure in Oracle's iRecruitment Oracle's iRecruitment software is a HR system used by many government agencies and large private corporations. The system can be used to manage hiring information as well as current employee records. Upon using one such company's hiring system as an external applicant, I followed a hyperlink and was able to recover the entire company's corporate hierarchy, which includes employees names, contact information (primarily business-centric, but some personal information such as cell phones). More importantly, the vulnerability shows departmental breakdowns and reporting relationships in the hierarchy. Depending upon the amount of information stored and where by a particular organization, this could result in violation of employee privacy protection laws such as those from the state of Massachusetts… 27 Apr 2010 :: Security :: #Oracle #Vulnerability Report
