Pierluigi Paganini
February 03, 2023
Shadowserver researchers warn that threat actors have started attempting to exploit critical Oracle E-Business Suite flaw (CVE-2022-21587) shortly after a PoC was published.
Since Jan 21st we are seeing exploitation attempts in our honeypot sensors for Oracle E-Business Suite CVE-2022-21587 (CVSS 9.8 RCE) shortly after a PoC was published. Advisory & patch was issued by Oracle in Oct 2022: https://t.co/QRDKaHEREU
— Shadowserver (@Shadowserver) January 25, 2023
NVD entry: https://t.co/wdbGuX5rTj
The E-Business Suite is a set of enterprise applications that allows organizations automate processes such as supply chain management (SCM), enterprise resource planning (ERP), and customer relationship management (CRM).
The vulnerability resides in the Web Applications Desktop Integrator of Oracle’s enterprise product and was addressed in October 2022.
An unauthenticated attacker can easily exploit the flaw via HTTP to take over Oracle Web Applications Desktop Integrator installs. The issue impacts versions 12.2.3-12.2.11.
“Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator.” reads the advisory.
Shadowserver reported to have observed first exploitation attempts on January 21, only five days after the cybersecurity firm Viettel Cyber Security released a PoC exploit code for this issue.
The researchers recommend to install the patch from Oracle to address the issue, however, if they cannot do it, that can use the firewall to block requests sent to the following URLs:
US CISA added the CVE-2022-21587 flaw to its Known Exploited Vulnerabilities (KEV) catalog ordering federal agencies to fix it by February 23, 2023.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CVE-2022-21587)
