Threat actors started exploiting a critical Oracle E-Business Suite flaw, tracked as CVE-2022-21587, shortly after a PoC was published.

Shadowserver researchers warn that threat actors have started attempting to exploit a critical Oracle E-Business Suite flaw (CVE-2022-21587) shortly after a PoC was published.

The E-Business Suite is a set of enterprise applications that allows organizations to automate processes such as supply chain management (SCM), enterprise resource planning (ERP), and customer relationship management (CRM).

The vulnerability resides in the Web Applications Desktop Integrator of Oracle’s enterprise product and was addressed in October 2022.

An unauthenticated attacker can easily exploit the flaw via HTTP to take over Oracle Web Applications Desktop Integrator installs. The issue impacts versions 12.2.3-12.2.11.

“Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator.” reads the advisory.

Shadowserver reported that it observed the first exploitation attempts on January 21, only five days after the cybersecurity firm Viettel Cyber Security released PoC exploit code for this issue.

The researchers recommend installing the patch from Oracle to address the issue. Organizations that cannot do so can use a firewall to block requests sent to the following URLs:
- /OA_HTML/BneUploaderService
- /OA_HTML/BneViewerXMLService
- /OA_HTML/BneDownloadService
- /OA_HTML/BneOfflineLOVService
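
One way to confirm the block is in effect, as an added example that is not from the article or from Shadowserver: the script scans web access logs for requests to the four listed endpoints and reports those that were not answered with a deny status. The combined log format, the 403 deny status, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoints listed in the article, lower-cased for comparison.
BLOCKED = {
    "/oa_html/bneuploaderservice",
    "/oa_html/bneviewerxmlservice",
    "/oa_html/bnedownloadservice",
    "/oa_html/bneofflinelovservice",
}

# Client, method, request target and status from a combined-log-format line.
LOG_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jan/2023:10:02:11 +0000] "POST /OA_HTML/BneUploaderService?x=1 HTTP/1.1" 200 512',
    '198.51.100.23 - - [21/Jan/2023:10:02:15 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.7 - - [21/Jan/2023:10:03:40 +0000] "GET /oa_html//bneviewerxmlservice;jsessionid=abc HTTP/1.1" 403 0',
    '198.51.100.9 - - [21/Jan/2023:10:04:02 +0000] "GET /OA_HTML/%42neDownloadService/ HTTP/1.1" 403 199',
]


def normalize(target):
    """Reduce a request target to a canonical lower-case path."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    # Drop path parameters such as ;jsessionid=... from every segment.
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    path = re.sub(r"/{2,}", "/", path)  # collapse repeated slashes
    return path.rstrip("/").lower()


def find_hits(lines):
    """Return one record per request aimed at a listed endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and normalize(m.group(3)) in BLOCKED:
            hits.append({"client": m.group(1), "method": m.group(2),
                         "path": normalize(m.group(3)), "status": int(m.group(4))})
    return hits


def not_blocked(hits, deny_status=(403,)):
    """Hits that were not answered with the deny status (assumed 403)."""
    return [h for h in hits if h["status"] not in deny_status]


if __name__ == "__main__":
    for hit in not_blocked(find_hits(SAMPLE_LOG)):
        print(hit)
```

Any record returned by `not_blocked` means a request to a listed endpoint got past the rule and reached the application tier.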

US CISA added the CVE-2022-21587 flaw to its Known Exploited Vulnerabilities (KEV) catalog, ordering federal agencies to fix it by February 23, 2023.