Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817
ID: b1515bf5-bdc3-5da5-b32c-4c8a2b8b85fd
STIX ID: report--b1515bf5-bdc3-5da5-b32c-4c8a2b8b85fd
Feed Name: Security Affairs
Attackers are actively exploiting a critical Oracle E-Business Suite flaw (CVE-2026-46817, CVSS 9.8) that permits unauthenticated HTTP takeover of Oracle Payments (versions 12.2.3–12.2.15); Defused Cyber observed exploitation on honeypots and Oracle released a patch in its most recent Critical Patch Update. The report also highlights a separate actively exploited PeopleSoft PeopleTools RCE (CVE-2026-35273) linked to a ShinyHunters campaign affecting numerous organizations as reported by Mandiant and Google TAG.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
