Hackers News

Critical Oracle E-Business Suite CVE-2024-21094 exploited, exposing 900+ instances

Marcus Rodriguez
July 2, 2026

Key Takeaways

  • Over 900 Oracle E-Business Suite (EBS) instances are publicly exposed online.
  • A critical vulnerability, CVE-2024-21094, is actively being exploited against these exposed EBS servers.
  • This flaw allows remote code execution, threatening sensitive ERP data and critical business operations.
  • Organizations must immediately secure exposed instances and apply available patches.

Critical Oracle E-Business Suite Vulnerability Exploited, Over 900 Instances Exposed

More than 900 instances of Oracle E-Business Suite (EBS) are currently exposed to the public internet, creating a significant attack surface as threat actors actively exploit a critical vulnerability within the platform. This situation places mission-critical enterprise resource planning (ERP) environments at immediate and severe risk of compromise.

Recent analysis by cybersecurity researchers indicates that a substantial number of Oracle EBS servers are directly accessible from the internet. Rather than being segmented within private networks or secured behind VPNs, these systems are openly exposed, dramatically increasing their vulnerability to attack.

The Shadowserver Foundation has reported tracking approximately 950 Oracle EBS instances online. The higher count follows improvements to its fingerprinting methodology, which now incorporates domain-based scanning alongside traditional IP-based probes and so identifies exposed systems more accurately. The figure measures exposure only: Shadowserver states that it performed no vulnerability assessment of these instances.

We have improved our Oracle E-Business Suite fingerprinting by adding domain based scans in collaboration with @ValidinLLC. Around 950 exposed instances now seen globally (no vulnerability assessment). CVE-2024-21094 attempts have been observed in the wild by @DefusedCyber pic.twitter.com/gghdTt5b1X

— The Shadowserver Foundation (@Shadowserver) July 1, 2026

The primary threat targeting these exposed instances is a recently disclosed critical vulnerability, identified as CVE-2024-21094. This flaw in Oracle E-Business Suite permits remote attackers to execute arbitrary code, potentially granting them complete control over the compromised application stack and underlying systems.

Security researchers have issued urgent warnings that active exploitation of this vulnerability is already underway in the wild. This means adversaries are not merely scanning for vulnerable systems but are actively attempting to leverage the flaw against internet-facing EBS servers to gain unauthorized access.

Given Oracle E-Business Suite’s widespread use across finance, supply chain management, human resources, and other essential back-office operations, successful exploitation could lead to devastating consequences. Attackers could gain access to highly sensitive transactional data, operational intelligence, and other critical business information.

World map view of exposed EBS instances (source: Shadowserver, via X)

Many of the identified exposed instances belong to large enterprises and critical service providers. A compromise could therefore result in widespread data theft, manipulation of financial records, severe disruption of logistics and supply chains, or serve as a beachhead for lateral movement deeper into corporate networks.

Internet-Exposed Oracle E-Business Instances Under Attack

According to the Shadowserver Foundation, their recent internet scans have confirmed the presence of numerous exposed Oracle EBS instances that are actively being targeted by threat actors. This detection capability was significantly improved through a collaborative effort with Validin LLC.

The enhanced methodology allows Shadowserver to more accurately identify EBS deployments by analyzing domain signatures and specific application fingerprints, moving beyond sole reliance on IP-level banners. This partnership has proven crucial in uncovering the true scope of the exposure.

What You Should Do

  • Isolate Exposed Instances: Immediately identify any Oracle E-Business Suite instances directly reachable from the public internet. Move these systems behind secure access controls such as VPNs, zero-trust gateways, or dedicated firewalls.
  • Apply Security Patches: Promptly apply the latest security patches released by Oracle that address CVE-2024-21094 and any other critical vulnerabilities. Ensure all middleware components associated with EBS are also fully updated.
  • Enhance Monitoring: Implement robust logging and monitoring for all Oracle EBS environments. Look for indicators of compromise (IoCs) or any unusual activity that might suggest probing or exploitation attempts. Integrate relevant detection rules into SIEM and EDR platforms.
  • Harden Deployments: Enforce strong authentication mechanisms, disable all unnecessary services, and deploy web application firewalls (WAFs) in front of EBS instances. Conduct regular external exposure assessments to identify and remediate potential attack vectors.
  • Prioritize Risk: Treat all internet-exposed Oracle EBS instances as high-priority risk assets. Assume they are being actively probed by malicious actors and prepare for rapid incident response.
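One way to act on the "Isolate" and "Enhance Monitoring" items is to check your own web-tier access logs for EBS requests arriving from outside your internal ranges. The following is an added example, not code from the article or from Oracle; the log layout, the internal ranges, the hostnames and the `/OA_HTML/` path prefix (the usual EBS web path) are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: ranges this organisation treats as internal (LAN, VPN, loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128")]
# Assumption: usual EBS web path, compared in lower case; not taken from the article.
EBS_PREFIXES = ("/oa_html/",)
# Assumed Apache LogFormat: "%v %h %l %u %t \"%r\" %>s %b" (virtual host first).
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')

# Constructed sample; documentation-range addresses stand in for internet clients.
SAMPLE_LOG = """\
ebs-prod.example.com 10.20.4.17 - - [02/Jul/2026:08:01:12 +0000] "GET /OA_HTML/AppsLocalLogin.jsp HTTP/1.1" 200 5120
ebs-prod.example.com 203.0.113.45 - - [02/Jul/2026:08:01:15 +0000] "GET /OA_HTML/AppsLocalLogin.jsp HTTP/1.1" 200 5120
ebs-prod.example.com 203.0.113.45 - - [02/Jul/2026:08:01:16 +0000] "POST /OA_HTML/OA.jsp HTTP/1.1" 302 0
ebs-prod.example.com 198.51.100.9 - - [02/Jul/2026:08:02:01 +0000] "GET /robots.txt HTTP/1.1" 404 196
ebs-dr.example.com 192.168.10.5 - - [02/Jul/2026:08:02:30 +0000] "GET /OA_HTML/AppsLocalLogin.jsp HTTP/1.1" 200 5120
this line is truncated and must be skipped
ebs-prod.example.com 198.51.100.23 - - [02/Jul/2026:08:03:44 +0000] "GET /oa_html/AppsLocalLogin.jsp HTTP/1.1" 200 5120
"""

def is_internal(ip_text):
    """True or False for a parsable address, None if the field is not an IP."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    return any(ip in net for net in INTERNAL_NETS)

def external_ebs_hits(log_text):
    """Map each virtual host to the external clients that reached EBS paths."""
    hits = defaultdict(lambda: {"clients": set(), "requests": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or is_internal(m["ip"]) is not False:
            continue  # malformed line, unparsable client, or internal source
        if not m["path"].lower().startswith(EBS_PREFIXES):
            continue  # request did not touch an EBS path
        hits[m["vhost"]]["clients"].add(m["ip"])
        hits[m["vhost"]]["requests"] += 1
    return {v: {"clients": sorted(d["clients"]), "requests": d["requests"]}
            for v, d in hits.items()}

if __name__ == "__main__":
    print(external_ebs_hits(SAMPLE_LOG))
```

Any host this reports is serving EBS pages to non-internal sources and is a candidate for isolation. If the web tier sits behind a load balancer or reverse proxy, log the forwarded client address in the `%h` position first, otherwise every request appears internal.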
