Hackers are actively targeting a serious vulnerability in the Oracle E-Business Suite, designated CVE-2026-46817. Exploitation of this critical flaw was first observed over the weekend of June 27–28, 2026, in attacks against honeypot setups, highlighting the urgent need for patching.
Details of the Security Flaw
The vulnerability exists within the Oracle Payments product of Oracle E-Business Suite, specifically in the File Transmission component. It carries a CVSS 3.1 score of 9.8, reflecting its potential for severe exploitation. The flaw allows an attacker with network access over HTTP to fully compromise the system, affecting confidentiality, integrity, and availability.
Versions 12.2.3 through 12.2.15 of the Oracle E-Business Suite are susceptible to this issue. The low complexity and absence of authentication requirements make the vulnerability particularly easy to exploit on a large scale, posing significant risks to unpatched systems.
Active Exploitation Observed
During the last weekend of June 2026, active exploitation of the vulnerability was detected in the wild for the first time. The absence of public proof-of-concept code suggests that attackers are using privately developed exploits. Threat actors were seen sending targeted POST requests to the Oracle iPayment endpoint, a clear sign of deliberate attempts to compromise systems.
Notably, an attacker from IP address 45.84.137[.]125, linked to AS136787 PacketHub S.A. in France, focused on port 443. They used crafted XML payloads to exploit the vulnerability, aiming to exfiltrate sensitive data from the file system.
Response and Mitigation Measures
Oracle addressed this vulnerability in its May 2026 Critical Security Patch Update (CSPU), released on May 28, 2026. This update resolved multiple critical vulnerabilities across various Oracle products, including 35 unique CVEs. Following this, a supplementary patch was also released in June 2026 to bolster security measures.
Organizations using Oracle E-Business Suite are advised to apply these patches promptly. Additional recommendations include restricting internet access to the /OA_HTML/ paths of Oracle interfaces, auditing server logs for unusual activity, and monitoring for the specific attacker IP and user-agent strings associated with this threat.
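The log-auditing and monitoring steps above can be turned into a simple access-log triage script. The following is an added example, not code from the article or from Oracle: it parses Apache/nginx combined-format lines, flags the attacker IP named above, flags any POST to /OA_HTML/ that does not originate from an internal network, and leaves a placeholder for the user-agent strings, which the article does not reproduce. The internal network ranges, the endpoint path, and all sample log lines are constructed assumptions.

```python
import ipaddress
import re

# Indicator published in the article above. The user-agent strings it mentions
# are not reproduced there, so this set holds a hypothetical placeholder only.
ATTACKER_IPS = {"45.84.137.125"}
SUSPECT_USER_AGENTS = {"PLACEHOLDER-USER-AGENT-FROM-ADVISORY"}  # hypothetical
EXPOSED_PREFIX = "/OA_HTML/"
# Assumed corporate ranges; replace with the networks that may legitimately reach EBS.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def is_external(ip):
    """True for any source address outside the configured internal ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # unparseable source: never silently trust it
    return not any(addr in net for net in INTERNAL_NETS)

def classify(line):
    """Return the list of reasons a line deserves analyst attention ([] if none)."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed-line"]
    reasons = []
    if m["ip"] in ATTACKER_IPS:
        reasons.append("known-attacker-ip")
    if m["ua"] in SUSPECT_USER_AGENTS:
        reasons.append("suspect-user-agent")
    # /OA_HTML/ should not be internet-reachable; an external POST there matches
    # the iPayment activity described in the article.
    if is_external(m["ip"]) and m["method"] == "POST" and m["path"].startswith(EXPOSED_PREFIX):
        reasons.append("external-post-to-oa_html")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every flagged line."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := classify(line))]

# Constructed sample lines; the endpoint path is a placeholder, not a real EBS URL.
SAMPLE_LOG = [
    '45.84.137.125 - - [28/Jun/2026:03:14:07 +0000] "POST /OA_HTML/PLACEHOLDER_IPAYMENT HTTP/1.1" 200 812 "-" "curl/8.5.0"',
    '10.20.30.40 - jdoe [28/Jun/2026:08:02:11 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 4120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [28/Jun/2026:09:41:53 +0000] "POST /OA_HTML/PLACEHOLDER_IPAYMENT HTTP/1.1" 500 0 "-" "python-requests/2.32"',
    'not a log line',
]
```

Running `scan(SAMPLE_LOG)` flags lines 1, 3 and 4; the internal GET on line 2 is left alone, and unparsed lines are surfaced rather than dropped so that log-format drift does not hide activity.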
In summary, the lack of public exploit code coupled with the emergence of private tools means that unpatched systems are at substantial risk. Immediate action is necessary to mitigate potential compromises.
