Home/News/900+ Oracle E-Business Instances Exposed to Attacks
BleepingComputer2 min read

900+ Oracle E-Business Instances Exposed to Attacks

Over 900 Oracle E-Business Suite (EBS) instances have been identified as exposed online and vulnerable to ongoing attacks exploiting a critical security flaw. This widespread exposure comes as threat actors are actively targeting these systems, according to a report by security firm Censys. The vulnerability, tracked as CVE-2024-29972, is a critical remote code execution (RCE) flaw that allows unauthenticated attackers to gain control of affected servers. Censys researchers discovered over 900 internet-facing Oracle EBS instances that are potentially vulnerable, with a significant portion of these actively being scanned and exploited by malicious actors.

The security firm's analysis indicates that the exploitation attempts began shortly after the vulnerability was disclosed. The lack of an official patch from Oracle for this specific vulnerability exacerbates the risk for organizations still relying on E-Business Suite. Censys noted that while Oracle has acknowledged the issue and is working on a fix, there is no immediate solution available, leaving businesses exposed. The firm's telemetry shows a surge in scanning activity targeting the vulnerable component, suggesting a coordinated effort by attackers to compromise these systems.

Oracle E-Business Suite is a comprehensive suite of business applications used by many large enterprises for financial management, human resources, supply chain, and customer relationship management. The compromise of these instances could lead to severe data breaches, system disruption, and financial losses. The active exploitation of CVE-2024-29972 highlights the urgent need for organizations to implement compensating controls, such as network segmentation or Web Application Firewalls (WAFs), to protect their Oracle EBS environments until a permanent patch is released. Security professionals are advising immediate action to assess exposure and mitigate risks.

Original source — read the full reporting at the publisher:

Read on BleepingComputer

Read next