logo

Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed

ID: 6cc2555e-5d05-5f62-840c-b5914ed63b53

STIX ID: report--6cc2555e-5d05-5f62-840c-b5914ed63b53

Feed Name: Security Affairs

Threat Score
78/100

Date Published: 2026-07-01

Date Updated: 2026-07-02

Author: Pierluigi Paganini

...
...

Oracle E-Business Suite vulnerability CVE-2026-46817 (affecting Oracle Payments 12.2.3–12.2.15) is reported to be under active attack; researchers warn that the flaw allows unauthenticated remote takeover over HTTP. Shadowserver has identified about 950 internet-facing EBS instances still exposed (mostly in the U.S.), Oracle issued a patch in its recent Critical Patch Update and urges immediate remediation, while technical details and public exploit proof-of-concept remain undisclosed.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.