ON
← Back to feed
Oracle e-business suite: attacks on payments detected
Germany🏛️ Politicsyesterday

Oracle e-business suite: attacks on payments detected

The article reports on a newly discovered security vulnerability in Oracle E-Business Suite, specifically within Oracle Payments, which allows remote attackers to take over systems. IT security researchers from DefusedCyber observed attacks targeting this flaw in their honeypot systems, though they did not provide details on the nature or scale of the attacks or evidence of successful exploitation. Oracle has patched the vulnerability through its May 2026 Critical Security Patch Update, but there is currently no indication that the flaw has been actively exploited. The vulnerability, rated as high risk with a CVSS score of 9.8, affects versions of Oracle Payments up to 12.2.15. The discovery echoes past vulnerabilities in Oracle’s E-Business Suite that were exploited in late 2025, leading to ransomware attacks.

Security researchers have observed attacks targeting a critical vulnerability in Oracle's E-Business Suite, specifically within its Oracle Payments component. The flaw allows unauthenticated attackers to exploit a weakness in the file transfer functionality, enabling them to take full control of affected systems remotely. This discovery comes after a recent post on social media platform X by security experts from DefusedCyber, who confirmed they had detected such attacks in their honeypot systems over the weekend. Prior to this revelation, there were no known instances of exploitation or proof-of-concept code being shared publicly.

The vulnerability, identified as CVE-2026-46817, has been rated as high risk with a CVSS score of 9.8. It affects Oracle Payments versions ranging from 12.2.3 up to 12.2.15. According to Oracle’s description of the flaw, the issue lies in the HTTP access point of vulnerable systems, which can be exploited by attackers without prior authentication. This means that even individuals without legitimate access could potentially gain entry into these systems through this specific weakness.

Oracle addressed this vulnerability during its first "Critical Security Patch Update" (CSPU) in May of this year, releasing a software patch to fix the issue. However, despite the availability of the patch, there was no indication in Oracle’s May patch day overview that the vulnerability was actively being targeted or exploited in real-world scenarios. This lack of explicit warning raises questions about how many organizations might still be running unpatched systems, leaving them exposed to potential threats.

The emergence of this new vulnerability echoes similar issues discovered in Oracle’s E-Business Suite last autumn, when a wave of attacks led to widespread ransomware incidents among Oracle customers. At that time, cybercriminals exploited vulnerabilities in the suite to infiltrate corporate networks and demand ransoms from affected businesses. These past events highlight the ongoing challenges faced by enterprises using Oracle products, particularly regarding timely updates and robust cybersecurity measures.

DefusedCyber did not provide detailed information about the nature or scale of the current attacks beyond confirming their observation through honeypot systems. They also noted that there are currently no indicators of compromise (IOCs) available for administrators to detect signs of attack on their systems. Without concrete evidence or patterns indicating successful breaches, it remains unclear whether the observed attacks have resulted in actual data exfiltration or system compromises.

As the situation develops, cybersecurity professionals will likely focus on monitoring for additional signs of exploitation and ensuring that all relevant systems are patched according to Oracle’s latest recommendations. Organizations utilizing Oracle Payments should review their current configurations and apply necessary updates promptly to mitigate risks associated with this newly identified threat. Given the history of similar vulnerabilities leading to significant disruptions, proactive measures remain crucial in safeguarding against future exploits.

Go to the primary sources (4)

The official sources this coverage is built on. Read them directly to bypass framing.

2 reports

heise online logoheise onlineIndependentCenterFactual 85Objective 803 days ago
Oracle e-business suite: attacks on payments detected

The article reports on a newly discovered security vulnerability in Oracle E-Business Suite, specifically within Oracle Payments, which allows remote attackers to take over systems. IT security researchers from DefusedCyber observed attacks targeting this flaw in their honeypot systems, though they did not provide details on the nature or scale of the attacks or evidence of successful exploitation. Oracle has patched the vulnerability through its May 2026 Critical Security Patch Update, but there is currently no indication that the flaw has been actively exploited. The vulnerability, rated as high risk with a CVSS score of 9.8, affects versions of Oracle Payments up to 12.2.15. The discovery echoes past vulnerabilities in Oracle’s E-Business Suite that were exploited in late 2025, leading to ransomware attacks.

Bias read (Center): The article presents a factual report on a cybersecurity issue without overtly favoring any political stance. It focuses on technical details, expert observations, and corporate responses, maintaining neutrality in its framing.

Why these scores (Factual 85 · Objective 80): The article accurately reports the vulnerability details, including the CVE identifier, affected versions, and CVSS score. It mentions the observation of attacks in honeypots but notes lack of specific attack details. The article remains mostly factual but slightly omits some technical specifics fro

heise online logoheise onlineIndependentCenteryesterday
Schwachstellen in Synology MailPlus Server lassen Angreifer passieren

The article reports on three security vulnerabilities discovered in Synology MailPlus Server, which could allow attackers to access files or trigger denial-of-service (DoS) attacks. Two of the flaws are classified as critical (CVE-2025-15660 and CVE-2026-13136), with the latter having a maximum CVSS score of 10 out of 10. The third vulnerability (CVE-2026-13135) is rated as medium, allowing unauthorized access to internal services, though specifics are not provided. Synology developers claim these issues have been resolved in version 4.0.1-21663 for DSM 7.2.1, 7.2.2, and 7.3. There are currently no reported ongoing attacks exploiting these vulnerabilities.

Bias read (Center): The article presents factual information about technical security vulnerabilities without taking a political stance. It provides objective details about the nature of the flaws, their severity ratings, and the vendor’s response, without introducing ideological or partisan perspectives.

Keep the news honest.

ObjectiveNews is reader-funded and ad-free — we show you the bias instead of hiding it. Support independent journalism for €5/month.

Become a Supporter

Related stories