Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed
Published 2026-7-1 19:49:5, Author: securityaffairs.com


Oracle E-Business Suite flaw CVE-2026-46817 is under active attack, with about 950 vulnerable internet-facing instances still exposed.

This week, Defused Cyber researchers warned that a critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited. The flaw affects Oracle Payments versions 12.2.3 through 12.2.15 and allows unauthenticated attackers to take over vulnerable systems over HTTP. Oracle fixed the issue in last month’s Critical Patch Update and urges customers to apply the patches immediately.

Defused Cyber did not disclose technical details about the attacks that exploited the flaw or the motivation of the attackers.

🚨 CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited

Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots

This vulnerability has no known previous exploitation and no public POC code… pic.twitter.com/qL4dgPvoMP

— Defused (@DefusedCyber) June 29, 2026

Now, Internet monitoring firm Shadowserver counts roughly 950 EBS instances still reachable from the public internet, most of them in the United States. Nobody knows how many of those have been patched.

“We have improved our Oracle E-Business Suite fingerprinting by adding domain based scans in collaboration with @ValidinLLC. Around 950 exposed instances now seen globally (no vulnerability assessment).” reads the post published by The Shadowserver Foundation.

We have improved our Oracle E-Business Suite fingerprinting by adding domain based scans in collaboration with @ValidinLLC. Around 950 exposed instances now seen globally (no vulnerability assessment). CVE-2026-46817 attempts have been observed in the wild by @DefusedCyber pic.twitter.com/gghdTt5b1X

— The Shadowserver Foundation (@Shadowserver) July 1, 2026

Despite researchers confirming active exploitation of the vulnerability, Oracle hasn’t officially flagged it as exploited in the wild.

If your organization runs Oracle EBS and hasn’t applied the patch, that’s the immediate priority. If a public-facing EBS instance is genuinely required for business operations, verify it’s patched before checking anything else on your list today. If it doesn’t need to be internet-facing, take it off the internet.

Shadowserver’s scan suggests the exposed population is not small, and active exploitation without a public proof-of-concept means the attacker community is already ahead of most defenders on this one.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Oracle E-Business)

Source: https://securityaffairs.com/194599/security/oracle-e-business-suite-flaw-under-active-attack-950-systems-exposed.html