U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Exploitation attempts for Oracle E-Business Suite flaw observed after PoC release

Threat actors started exploiting a critical Oracle E-Business Suite flaw, tracked as CVE-2022-21587, shortly after a PoC was published. Shadowserver researchers warn that threat actors have started attempting to exploit critical Oracle E-Business Suite flaw (CVE-2022-21587) shortly after a PoC was published. The E-Business Suite is a set of enterprise applications that allows organizations automate […]

Oracle CVE-2026-46817

Threat actors started exploiting a critical Oracle E-Business Suite flaw, tracked as CVE-2022-21587, shortly after a PoC was published.

Shadowserver researchers warn that threat actors have started attempting to exploit critical Oracle E-Business Suite flaw (CVE-2022-21587) shortly after a PoC was published.

The E-Business Suite is a set of enterprise applications that allows organizations automate processes such as supply chain management (SCM), enterprise resource planning (ERP), and customer relationship management (CRM).

The vulnerability resides in the Web Applications Desktop Integrator of Oracle’s enterprise product and was addressed in October 2022.

An unauthenticated attacker can easily exploit the flaw via HTTP to take over Oracle Web Applications Desktop Integrator installs. The issue impacts versions 12.2.3-12.2.11.

“Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator.” reads the advisory.

Shadowserver reported to have observed first exploitation attempts on January 21, only five days after the cybersecurity firm Viettel Cyber Security released a PoC exploit code for this issue.

Oracle

The researchers recommend to install the patch from Oracle to address the issue, however, if they cannot do it, that can use the firewall to block requests sent to the following URLs:

  • /OA_HTML/BneUploaderService
  • /OA_HTML/BneViewerXMLService
  • /OA_HTML/BneDownloadService
  • /OA_HTML/BneOfflineLOVService

US CISA added the CVE-2022-21587 flaw to its Known Exploited Vulnerabilities (KEV) catalog ordering federal agencies to fix it by February 23, 2023.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CVE-2022-21587)