Exploiting Oracle EBusiness Suite After Proof of Concept is Released

Recently, a vulnerability in Oracle's E-Business Suite was identified and patched as part of Oracle's October 2022 Critical Patch Update. This vulnerability, tracked as CVE-2022-21587, is a security defect in the Web Applications Desktop Integrator that can be exploited by unauthenticated attackers with network access via HTTP. After a proof-of-concept code was published, exploitation attempts were observed by Shadowserver on January 21st. CISA has added CVE-2022-21587 to its Known Exploited Vulnerabilities catalog and urged Oracle customers to apply the available patches as soon as possible. Additionally, CISA has warned of observed exploitation of CVE-2023-22952, a high-severity remote code execution flaw in SugarCRM. This vulnerability, which impacts the EmailTemplates, is a missing input validation defect that allows an attacker to inject custom PHP code using crafted requests. Patches for this vulnerability were released on January 11, 2023 and shortly after exploitation began, Censys reported seeing hundreds of SugarCRM servers being hacked. It has been observed that shortly after a proof-of-concept code was published for a critical-severity Oracle E-Business Suite vulnerability, exploitation attempts have been made. This vulnerability, tracked as CVE-2022-21587, is a security defect in the Web Applications Desktop Integrator that can be exploited by unauthenticated attackers with network access via HTTP. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog and urged Oracle customers to apply the available patches as soon as possible. Additionally, CISA has warned of observed exploitation of CVE-2023-22952, a high-severity remote code execution flaw in SugarCRM. This vulnerability, which impacts the EmailTemplates, is a missing input validation defect that allows an attacker to inject custom PHP code using crafted requests. Patches for this vulnerability were released on January 11, 2023 and shortly after exploitation began, Censys reported seeing hundreds of SugarCRM servers being hacked.

This Cyber News was published on www.securityweek.com. Publication date: Fri, 03 Feb 2023 16:55:03 +0000


Cyber News related to Exploiting Oracle EBusiness Suite After Proof of Concept is Released

CVE-2018-0688 - Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, ...
5 years ago
CVE-2018-0689 - HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September ...
5 years ago
Exploiting Oracle EBusiness Suite After Proof of Concept is Released - Recently, a vulnerability in Oracle's E-Business Suite was identified and patched as part of Oracle's October 2022 Critical Patch Update. This vulnerability, tracked as CVE-2022-21587, is a security defect in the Web Applications Desktop Integrator ...
1 year ago Securityweek.com
CVE-2016-0635 - Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, ...
5 years ago
Oracle’s First Security Update for 2023 Includes 327 New Patches - Oracle has released its first security update of 2023, delivering 327 new security fixes and patching a range of critical vulnerabilities. This update covers products spanning across Oracle’s Cloud portfolio, Fusion Middleware, Hyperion, E-Business ...
1 year ago Securityweek.com
Exploit for CrushFTP RCE chain released, patch now - A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords. The ...
10 months ago Bleepingcomputer.com
Researchers Disclose Proof of Concept for New GhostRace Attack - IBM and VU Amsterdam University researchers published on March 12th their study about the new GhostRace attack type. Apart from the technical paper, blog post and Proof of Concept exploit, they also released scripts for scanning the Linux kernel for ...
6 months ago Heimdalsecurity.com
Hackers Gaining Unauthorized Access to Windows Devices Through Silver and BYOVD Exploits - Last summer, cybercriminals began using Sliver as an alternative to Cobalt Strike, using it for monitoring networks, executing commands, loading reflective DLLs, spawning sessions, and manipulating processes. Recently, attacks have been observed ...
1 year ago Heimdalsecurity.com
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks - Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution vulnerability previously exploited as a zero-day. The flaw, tracked as CVE-2023-46604, is a maximum severity ...
10 months ago Bleepingcomputer.com
Exploit released for maximum severity Fortinet RCE bug, patch now - Security researchers have released a proof-of-concept exploit for a maximum-severity vulnerability in Fortinet's security information and event management solution, which was patched in February. Tracked as CVE-2024-23108, this security flaw is a ...
4 months ago Bleepingcomputer.com
Ivanti Vulnerability Exploited to Deliver New 'DSLog' Backdoor - A recently patched zero-day vulnerability in Ivanti enterprise VPNs has been exploited in attacks deploying a backdoor named 'DSLog', security services provider Orange Cyberdefense reports. The issue, tracked as CVE-2024-21893, is a server-side ...
7 months ago Packetstormsecurity.com
RCE exploit for Wyze Cam v3 publicly released, patch now - A security researcher has published a proof-of-concept exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices. Wyze Cam v3 is a top-selling, inexpensive indoor/outdoor security camera with support for ...
10 months ago Bleepingcomputer.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 week ago Aws.amazon.com
Experts released PoC exploit code for RCE in Fortinet SIEM - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Crowdfense is offering a larger 30M USD exploit acquisition program. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. PoC ...
4 months ago Securityaffairs.com
Vulnerability Recap 5/13/24: F5, Citrix & Chrome - The most dangerous vulnerabilities might be the lesser known Tinyproxy and Cinterion Cellular Modem flaws. The stress and high expense of attacks can be avoided by proactively tracking assets, staying informed, and allocating some resources to ...
4 months ago Esecurityplanet.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
3 months ago Securityaffairs.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
3 months ago Securityaffairs.com
How to Identify a Cyber Adversary: Standards of Proof - In cybersecurity, attribution refers to identifying an adversary likely responsible for malicious activity. It is typically derived from collating many types of information, including tactical or finished intelligence, evidence from forensic ...
7 months ago Darkreading.com
Exploit for critical Progress Telerik auth bypass released, patch now - Researchers have published a proof-of-concept exploit script demonstrating a chained remote code execution vulnerability on Progress Telerik Report Servers. The Telerik Report Server is an API-powered end-to-end encrypted report management solution ...
3 months ago Bleepingcomputer.com
Citrix Bleed exploit lets hackers hijack NetScaler accounts - A proof-of-concept exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. ...
10 months ago Bleepingcomputer.com
$937 Bounty Awarded for Privilege Escalation and Local File Inclusion Vulnerabilities Patched in MasterStudy LMS WordPress Plugin - On February 25th, 2024, during our second Bug Bounty Extravaganza, we received a submission for a Privilege Escalation vulnerability in MasterStudy LMS, a WordPress plugin with more than 10,000 active installations. The next day on February 26th, ...
6 months ago Wordfence.com
Vulnerability Summary for the Week of January 15, 2024 - This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program. Successful attacks require human interaction from a ...
8 months ago Cisa.gov
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed - The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability to breach the systems of large organizations, steal data, and encrypt files. Although Citrix made fixes available for CVE-2023-4966 more than a month ...
10 months ago Bleepingcomputer.com
PoC Exploits Heighten Risks Around Critical New Jenkins Vuln - Internet-exposed Jenkins servers remain unpatched against a critical, recently disclosed arbitrary file-read vulnerability for which proof-of-exploit code is now publicly available. CVE-2024-23897 affects the built-in Jenkins command line interface ...
8 months ago Darkreading.com
Critical Zimbra RCE flaw actively exploited to take over servers - Attackers can exploit the vulnerability by sending specially crafted emails with commands to execute in the CC field, which are then executed when the postjournal service processes the email. Hackers are actively exploiting a recently disclosed RCE ...
1 week ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)