Reference: Advisory #2023-23
Version: 1.0
Affected software: Oracle E-Business Suite versions 12.2.3-12.2.11
Type: Critical arbitrary file upload
CVE/CVSS: CVE-2022-21587
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Base Score: 9.8
Sources:
https://www.oracle.com/security-alerts/cpuoct2022.html
https://cxsecurity.com/ascii/WLB-2023030001
https://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html
An exploit was found for CVE-2022-21587, a vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite. The vulnerability can culminate in takeover of the Oracle Web Applications Desktop Integrator.
CVE-2022-21587 is a critical arbitrary file upload vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite that affects the supported versions 12.2.3-12.2.11. Exploitation of the vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
A public Proof-of-Concept is available for this vulnerability:
https://packetstormsecurity.com/files/171208/Oracle-E-Business-Suite-EBS-Unauthenticated-Arbitrary-File-Upload.html
Because the vulnerability is exploited in the wild, it is very important that organisations patch their applications immediately and check their servers for compromise!
The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity. Organisations should investigate if they suspect an intrusion attempt.
To address the flaw, Oracle released a critical patch update available at https://www.oracle.com/security-alerts/cpuoct2022.html.
If your organization has already identified an intrusion or incident, please report it via: https://ccb.belgium.be/cert/report-incident