Update

Oracle EBS Zero-Day Vulnerability

Entrust is aware of reports of zero-day vulnerabilities in Oracle EBS and has implemented the relevant patches provided by Oracle.

Promptly upon becoming aware of this issue, we took steps to understand its nature and scope, including engaging a leading third-party cybersecurity expert to assist in our investigation. We have determined that a threat actor exploited the Oracle EBS zero-day vulnerabilities to exfiltrate certain data from our test environment. The data maintained on the affected server included files related to business interactions with our customers, such as invoices and shipping information, and server administration files, such as updates and patches. Based on our investigation, we have confirmed that:

  • There is no evidence of unauthorized access to or data loss from our Oracle EBS production environment in connection with this issue.
  • There is no evidence of ongoing unauthorized access to our test or production Oracle EBS environments in connection with this issue.
  • There is no evidence of unauthorized lateral movement nor of compromise of any of our environments beyond the Oracle EBS test environment in connection with this issue.
  • We have isolated the affected Oracle EBS test environment and blocked known indicators of compromise related to this threat.
  • This issue resulted from an unauthorized party exploiting zero-day vulnerabilities in Oracle EBS, third-party software used by Entrust for certain business operations.

Information security is a top priority for Entrust, and we continue to evaluate and enhance our security safeguards. Our business operations are continuing as normal, and this issue has not impacted Entrust products and services. We will provide updates here if we have additional relevant information to share.