15 of the vulnerabilities were found by Onapsis, a company that specializes in security Oracle and SAP products, and three of them were unauthenticated SQL injection bugs. Affecting Oracle EBS versions 12.1 and 12.2, the flaws could be abused over a …