The Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring federal agencies to patch a critical vulnerability in Oracle E-Business Suite financial applications by Saturday. The order comes in response to confirmed attacks actively exploiting the security flaw to compromise government systems.
Oracle E-Business Suite is widely deployed across federal agencies for financial management, procurement, and enterprise resource planning. The vulnerability affects multiple versions of the software and has been added to CISA's Known Exploited Vulnerabilities catalog, indicating threat actors are already using it in real-world attacks against government networks.
The security flaw allows remote attackers to gain unauthorized access to vulnerable systems without requiring authentication credentials. This type of vulnerability poses significant risk because it can be exploited over the network without user interaction, making it an attractive target for both cybercriminals and nation-state actors seeking to infiltrate government financial systems.
Federal agencies running affected Oracle E-Business Suite installations face potential data breaches, financial fraud, and disruption of critical business operations. The vulnerability could allow attackers to access sensitive financial records, manipulate transactions, or establish persistent access to agency networks for future attacks.
CISA's directive requires agencies to apply Oracle's security patches by the Saturday deadline or disconnect vulnerable systems from their networks until updates can be deployed. Security teams should prioritize patching internet-facing instances first, verify successful patch deployment, and monitor for signs of compromise. Organizations outside the federal government running Oracle E-Business Suite should treat this vulnerability with equal urgency and apply available security updates immediately.
Source: https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-flaw-by-saturday/


