Oracle E-Business Suite Unauthenticated RCE Vulnerability (CVE-2022-21587)

Dark Lab on Mar 14 2023
A security researcher announced on 25 January 2023 that they had observed numerous CVE-2022-21587 exploitation attempts since 21 January 2023, shortly after Vietnamese security researchers released a PoC. Given that the vulnerability is low in complexity and affects a widely deployed business suite, we posit that malicious actors will continue to attempt to exploit it to gain initial access and achieve RCE.

It is advised that organisations running a vulnerable version of Oracle E-Business Suite apply the latest patch released by the vendor as soon as possible. A temporary workaround is to configure your firewall to block inbound requests to the following URL paths:
• /OA_HTML/BneUploaderService
• /OA_HTML/BneViewerXMLService
• /OA_HTML/BneDownloadService
• /OA_HTML/BneOfflineLOVService
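While the firewall rule is being rolled out, it is worth checking web server access logs for requests that already reached these four endpoints. The following is an added example (not code from Dark Lab or the original advisory) that scans Apache/nginx combined-format log lines for the listed paths and counts hits per client; the log lines are constructed sample data, and case-insensitive matching is a defensive assumption of this example.

```python
import re
from collections import Counter

# The four Oracle EBS endpoints named in the workaround above.
BNE_PATHS = (
    "/OA_HTML/BneUploaderService",
    "/OA_HTML/BneViewerXMLService",
    "/OA_HTML/BneDownloadService",
    "/OA_HTML/BneOfflineLOVService",
)

# Combined log format: client, identd, user, [timestamp], "METHOD path proto", status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def is_bne_request(path: str) -> bool:
    """True if the request path targets one of the BNE endpoints.
    The query string is ignored and the comparison is case-insensitive
    (an assumption: treat mixed-case probes as hits rather than miss them)."""
    bare = path.split("?", 1)[0].lower()
    return any(bare == p.lower() or bare.startswith(p.lower() + "/") for p in BNE_PATHS)

def scan_access_log(lines):
    """Return (client, timestamp, method, path, status) for each line that hit a BNE endpoint.
    Malformed lines are skipped rather than aborting the scan."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_bne_request(m.group("path")):
            hits.append((m.group("client"), m.group("ts"), m.group("method"),
                         m.group("path"), int(m.group("status"))))
    return hits

def hits_per_client(hits):
    """Count matching requests per source IP so responders can see who is probing."""
    return Counter(h[0] for h in hits)

# Constructed sample log lines (not real traffic); 203.0.113.7 probes three endpoints.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Jan/2023:10:15:01 +0000] "GET /OA_HTML/BneUploaderService HTTP/1.1" 200 512',
    '203.0.113.7 - - [22/Jan/2023:10:15:03 +0000] "POST /OA_HTML/BneViewerXMLService?x=1 HTTP/1.1" 200 1024',
    '198.51.100.4 - - [22/Jan/2023:10:16:00 +0000] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 2048',
    '203.0.113.7 - - [22/Jan/2023:10:17:11 +0000] "GET /oa_html/bnedownloadservice HTTP/1.1" 403 0',
    'this line is not in combined log format',
]

if __name__ == "__main__":
    for client, count in hits_per_client(scan_access_log(SAMPLE_LOG)).items():
        print(f"{client}: {count} request(s) to BNE endpoints")
```

A 200 response to one of these paths on an unpatched host is the line to escalate; a 403 shows the block is in place.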

https://twitter.com/Shadowserver/status/1618258799575597064

https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/amp/

https://t.co/SGyT3abwB1

https://t.co/dlQekxZ4fD