{"id":283952,"date":"2026-06-30T05:08:00","date_gmt":"2026-06-30T09:08:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/30\/attackers-actively-exploit-the-oracle-e-business-suite-flaw-cve-2026-46817\/"},"modified":"2026-06-30T06:20:10","modified_gmt":"2026-06-30T10:20:10","slug":"attackers-actively-exploit-the-oracle-e-business-suite-flaw-cve-2026-46817","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/30\/attackers-actively-exploit-the-oracle-e-business-suite-flaw-cve-2026-46817\/","title":{"rendered":"Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817"},"content":{"rendered":"

Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817<\/a><\/p>\n

https:\/\/securityaffairs.com\/194463\/security\/attackers-actively-exploit-the-oracle-e-business-suite-flaw-cve-2026-46817.html<\/a><\/p>\n

Publish Date: 2026-06-30 05:08:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ June 30, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments.<\/h2>\n

A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild, according to cybersecurity firm Defused Cyber. <\/p>\n

\u201cCVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots.\u201d reads the post on X published by the cybersecuriyt firm. \u201cThis vulnerability has no known previous exploitation and no public POC code exists.\u201d<\/p>\n

\ud83d\udea8 CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited<\/p>\n

Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots <\/p>\n

This vulnerability has no known previous exploitation and no public POC code\u2026 pic.twitter.com\/qL4dgPvoMP<\/p>\n

\u2014 Defused (@DefusedCyber) June 29, 2026<\/p>\n

The flaw affects Oracle Payments versions 12.2.3 through 12.2.15 and allows unauthenticated attackers to take over vulnerable systems over HTTP. Oracle fixed the issue in last month\u2019s Critical Patch Update and urges customers to apply the patches immediately.<\/p>\n

Defused Cyber did not disclose technical details about the attacks that exploited the flaw or the motivation of the attackers.<\/p>\n

In mid June, the U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added\u00a0Oracle PeopleSoft Enterprise PeopleTools flaw, tracked as\u00a0CVE-2026-35273\u00a0(CVSS score of 9.8), to its\u00a0Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n

Oracle PeopleSoft Enterprise PeopleTools is the underlying technology platform used to build, run, administer, and customize Oracle PeopleSoft…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817 https:\/\/securityaffairs.com\/194463\/security\/attackers-actively-exploit-the-oracle-e-business-suite-flaw-cve-2026-46817.html Publish Date: 2026-06-30 05:08:00 Source…<\/p>\n","protected":false},"author":1,"featured_media":283953,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2014\/02\/Oracle.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,31,27],"class_list":["post-283952","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/283952"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=283952"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/283952\/revisions"}],"predecessor-version":[{"id":283954,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/283952\/revisions\/283954"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/283953"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=283952"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=283952"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=283952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}