CISA Warns of Oracle E-Business Suite Vulnerability Actively Exploited in Attacks

CISA Warns of Oracle E-Business Suite Vulnerability Actively Exploited in Attacks










The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in attacks.

This flaw impacts Oracle Payments, a component of Oracle E-Business Suite. It could allow unauthorized remote attackers to take full control of the service.

CISA has issued a warning regarding this high-impact vulnerability, which poses serious risks to organizations. The vulnerability is characterized as an improper privilege management issue within Oracle E-Business Suite.

CISA added it to the KEV catalog on July 15, 2026, requiring U.S. federal civilian agencies to address the issue by July 18, 2026.

Oracle E-Business Suite Vulnerability Exploited

Organizations utilize Oracle Payments to manage payment processing operations within Oracle E-Business Suite environments. An unauthenticated attacker with HTTP network access can exploit this flaw to compromise the Oracle Payments component.

Successful exploitation could lead to a complete takeover of Oracle Payments, creating significant risks, especially for organizations that expose Oracle E-Business Suite services to the internet or operate them on broadly accessible internal networks.

The vulnerability is associated with the following weakness classifications: CWE-269 (Improper Privilege Management), CWE-287 (Improper Authentication), and CWE-306 (Missing Authentication for Critical Functions).

These classifications suggest that the affected component may fail to enforce authentication and privilege boundaries for sensitive functions properly.

While CISA has not confirmed whether CVE-2026-46817 has been leveraged in ransomware campaigns, its inclusion in the KEV catalog indicates that the vulnerability has been exploited in real-world attacks, making rapid remediation essential.

CISA has instructed organizations to implement mitigations in accordance with Oracle’s vendor guidance and adhere to the agency’s Binding Operational Directive 26-04, which prioritizes security updates based on risk.

Organizations should also follow CISA’s forensic triage requirements to identify any signs of compromise before and after remediation.

Security teams are urged to identify Oracle E-Business Suite deployments immediately, check whether Oracle Payments is enabled, and assess if affected instances are exposed to the public internet.

Administrators should apply Oracle-provided fixes or mitigations as soon as possible. If no effective mitigation is available, CISA advises discontinuing the use of the affected product.

Because successful exploitation does not require authentication, defenders should treat exposed Oracle Payments services as a high-priority incident response concern.

Organizations should review application and web-server logs for suspicious HTTP activity, unexpected administrative changes, unauthorized modifications to payment configurations, and newly created accounts.

The short remediation window reflects the severity of active exploitation. Therefore, enterprises using Oracle E-Business Suite should take immediate action to prevent attackers from exploiting CVE-2026-46817 to gain control over payment-related systems.

 Strengthen Your SOC by Accelerating Threat Detection & Rapid Investigations. -> Integrate ANY.RUN With Your SOC Now.

The post CISA Warns of Oracle E-Business Suite Vulnerability Actively Exploited in Attacks appeared first on Cyber Security News.






Abinaya





Go to cyber-security-news