Oracle E-Business Suite (OEBS)

Oracle E-Business Suite is Oracle's ERP system that manages all aspects of the company's operations: finance, manufacturing, personnel, procurement, logistics, marketing, sales, service, supplier and customer relationships.

Oracle E-Business Suite has the capabilities of business analysis and takes into account the specific tasks of various industries, including: military-industrial complex and aircraft industry, mechanical engineering, chemistry, telecommunications, power, public and financial sectors, healthcare, trade and distribution, construction, transport and utilities.

2025

Disclosing a list of 30 companies that have been affected by Oracle's ERP system hack. Among them are Logitech, Schneider Electric and Emerson

In mid-November 2025, it became known that approximately 30 organizations were affected by a cyber attack aimed at users of the Oracle E-Business Suite (EBS) ERP system. The attackers made public data allegedly stolen from 18 victims, in some cases making hundreds of gigabytes and even several terabytes of files public.

As SecurityWeek notes, cyber groups of Cl0p and FIN11 are involved in the massive attack. The malicious campaign is related to the exploitation of vulnerabilities in Oracle EBS. The attackers sent messages to the heads of hacked companies and institutions with a statement about the theft of confidential information and a ransom demand.

A list of 30 companies that have suffered from the hacking of Oracle's ERP system has been disclosed. Among them are Logitech, Schneider Electric and Emerson

The affected organizations included the Washington Post, Harvard University (USA), Witwatersrand University (South Africa ) and Envoy Air (a subsidiary of American Airlines): all of them confirmed the fact of hacking. In addition, among the victims of the attack, cybercriminals name industrial corporations Schneider Electric and Emerson, consumer electronics manufacturer Logitech, communications and automotive conglomerate Cox Enterprises, silver and gold manufacturer Pan American Silver, auto parts manufacturer LKQ Corporation and heating, ventilation and air conditioning company Copeland.

Other victims were enterprises from a variety of industries. Among them, in particular, the mining industry, professional services, water disposal, construction, insurance, finance, manufacturing, transport, automotive, power, etc. Organizations affected by the Oracle EBS breach are conducting internal investigations, assessing the impact and extent of the damage.^[1]

Oracle ERP web interface has a "hole" that hackers around the world have already exploited

In early October, FSTEC sent a warning about the discovery of a critical vulnerability in the Oracle E-Business Suite (OEBS) web interface BDU:2025-12468^[2], which received a danger rating of 9.8 points (out of 10 possible). The bug has been fixed by the manufacturer - it is recommended to install its update as quickly as possible, since an exploit exists for the vulnerability. In addition, there is evidence that this vulnerability was already used in the summer of 2025 to carry out attacks.

The threat is related to the shortcomings of the authentication procedure, which can allow an intruder acting remotely to execute arbitrary code by sending a specially crafted HTTP request. That is, the vulnerability belongs to the class of incorrect authentication (CWE-287), and no credentials need to be transmitted to exploit. The error is present in versions 12.2.13 to 12.2.14 inclusive. The discovered vulnerability gives the unauthenticated attacker complete control over the vulnerable Oracle Concurrent Processing component, which could compromise the entire OEBS system.

Given that the vulnerability is exploited through a web interface and does not require pre-authentication, it is theoretically suitable for mass attacks - especially if vulnerable instances are available from the public segment of the Internet, warned TAdviser readers Ekaterina Edemskaya, an analyst engineer at Gazinformservice. - However, in practice, large-scale use depends on the number of systems available from the outside, their configuration and whether attackers have accurate signatures for automated scanning.

According to the Google Threat Intelligence Group (GTIG) and Mandiant, malicious activity associated with a new vulnerability in Oracle EBS was first identified on September 29, 2025. The attackers sent emails to the leaders of "many" organizations with statements about the theft of confidential information and a ransom demand for non-disclosure of this information.

Oracle has confirmed the presence of vulnerabilities in its ERP system, which have already been exploited by attackers to attack companies around the world

The malicious campaign is linked to cybercriminal groups Cl0p and FIN11. Charles Carmakal, Mandiant's chief technology officer, told^[3]hackers stole EBS user data in August 2025 and about a month later began sending ransom letters.

Oracle Corporation initially stated that this cyber campaign is associated with the exploitation of a number of vulnerabilities for which fixes have already been released. However, later the head of the security service of the software supplier Rob Duhart confirmed that the hackers also exploited a previously unknown flaw.

OEBS has traditionally been used in large Russian organizations, especially in industry, finance and retail, - explained to TAdviser Mikhail Pyryev, product manager of UDV Group. - Despite the fact that in recent years some companies have gradually migrated to domestic systems, not everyone has been able to completely abandon Oracle. This is due to the high cost of the transition and deep integration into business processes. Therefore, we can say that in the Russian corporate segment such systems are still quite common.

However, in Russia, such systems are trying to hide from common access. They are mainly owned by large companies that have become accustomed to constant attacks on their infrastructure in three years, so they try to protect their web resources available from the outside as much as possible.

OEBS is used where comprehensive modules of finance, supply, warehouses and production are required and where there are resources for implementation and support, - said Kirill Levkin, project manager of MD Audit. - In the mid-sized business segment, the prevalence is lower: many are switching to lighter cloud ERP, but Oracle remains a significant player among critical corporate installations.

Oracle has released an unscheduled security update to fix the problem. However, its installation is possible only after the October package of fixes for 2023, which requires additional attention from administrators, due to the lack of official support for the decisions of a foreign developer from March 2022 in Russia.

If the system is not segmented properly, even an internal user can exploit this vulnerability, "Anton Antropov, CTO of IT Task, told TAdviser. - However, for mass attacks, such vulnerabilities are used less often due to the specifics of the architecture and the limited number of open EBS instances in external segments.

Nevertheless, Oracle itself in the warning published indicators of compromise (IoC) indicating two IP addresses as sources of attacks - one of which is located in Panama. IoC also includes links to three files - a zip archive and two Python scripts, which can also be used in the attack. Moreover, the file names indicate a cybercriminal group of Cl0p that has developed a ransomware platform and specializes in extortion. In order not to become a victim of Cl0p or FIN11, it is worth following the recommendations of information security experts.

The most effective approach seems to be an integrated approach, - said Viktor Gurov, an expert on cybersecurity Ideco. - First, it is critical to separate Oracle servers into separate isolated network segments to minimize the potential attack surface. Secondly, restrict access to Oracle strictly within the company's contour and only for authorized sources. Third, it is recommended that next generation firewalls (NGFWs) be used to quickly prevent intrusion. Their key advantage in this context is the ability to conduct deep traffic analysis (DPI), capable of detecting and blocking malicious packets that target specific vulnerabilities before they reach the target system.

2023: US authorities find holes in Oracle software used for cyber attacks on state-owned companies

February 2, 2023 U.S. Cybersecurity and Infrastructure Protection Agency (CISA) reported that network attackers exploit vulnerabilities software Oracle in and, SugarCRM organizing attacks on government agencies.

One of the holes in question is described in the CVE-2022-21587 security bulletin. It affects ON the Oracle E-Business Suite. According to the CVSS classification, the gap has a rating of 9.8 points out of 10 possible. This suggests a high risk of vulnerability. It allows an unauthenticated attacker with HTTP access to the network to compromise Oracle Web Applications Desktop Integrator. The company Oracle released a fix for the hole in October 2022, but many organizations never installed the update. Experts in the field information security emphasize that this gap can be "easily exploited" in practice.

The second problem, CVE-2023-22952, has an 8.8-point rating. It affects SugarCRM products up to version 12.0. Successful exploitation of this vulnerability allows attackers to perform remote execution of arbitrary program code on the victim's computer. The exploit for this hole was discovered on December 30, 2022, and since then cybercriminals have been conducting attacks on various companies and organizations. IT security experts at Censys have found more than 3,000 copies of malicious code on the Internet that targets a vulnerability in SugarCRM.

Experts emphasize that SugarCRM is an extremely popular customer relationship management product often used by small and medium-sized businesses. Therefore, hacking the system can have extremely negative consequences for the organization, including the leakage of confidential information.^[4]

2019: Fix 10 vulnerabilities

On October 17, 2019, it became known that Oracle has fixed 219 dangerous vulnerabilities in different product lines. E-Business Suite received 10 fixes. Read more here.

2015: Oracle E-Business Suite 12.2.5

On October 21, 2015, Oracle announced the release of Oracle E-Business Suite version 12.2.5.

Version 12.2.5 offers a modern user interface and added functionality in all components of the integrated complex, provides higher operational efficiency.

Oracle E-Business Suite (2015)

User interface

Interfaces and ways of working in Oracle E-Business Suite 12.2.5 are implemented taking into account other Oracle products so that users can switch between Oracle E-Business Suite modules and Oracle Cloud applications using a visually and functionally compatible interface. Among the most important business benefits of the new version of the integrated Oracle E-Business Suite:

• users are offered navigation elements with support for touch control or using traditional icons and tabs, as well as new interaction capabilities and widgets.

• HTML user interfaces optimized for tablets - Interfaces based on HTML and optimized for tablets provide mobile (on-the-go) access for business users who have to move frequently (for example, for site managers and production control specialists).

• Enhanced Information Discovery Capabilities - Enhances existing Information Discovery applications in Oracle E-Business Suite and applications added in many functional areas of the system to identify, analyze, and solve business-critical tasks. Additional improvements include mobile templates, support for descriptive flexible fields, global search, and flexible links.

Functionality for all Oracle E-Business Suites

Oracle E-Business Suite 12.2.5 offers functional enhancements designed to meet customer needs. Oracle E-Business Suite offers the following features:

• Financials (Financial Management) - Oracle General Ledger is integrated with the Approvals Management (AME) platform to increase the automation of the transaction approval process, as well as improve management, control, and compliance. Oracle Receivables provides new methods for automatically matching receipts.

• Procurement (Procurement Management) - Oracle Procurement Command Center allows you to increase the transparency of purchasing operations and improve access for more efficient procurement management. Oracle iProcurement Information Discovery helps improve purchasing decision-making with ratings and reviews for product items and catalog service assortment. iProcurement allows you to load directories through the Oracle Supplier Network (OSN) to automate catalog management.

• Projects (Project Management) - Oracle Advanced Project Planning and Control allows you to increase project visibility by enabling proactive management. Oracle Projects helps improve project control with a contractual payment schedule.

• Order Management and Logistics () Logistics - Oracle Order Management includes additional enhancements for a more flexible process for managing orders for goods, services, subscriptions, and warranty services. Oracle Contract Renewal Command Center helps increase the transparency of service contract rollover and lease renewal processes. The flexible process of marking serial numbers in Inventory Management and Warehouse Management modules accelerates work by reading serial numbers only at the place of use. Sourcing areas in Oracle Warehouse Management reduce downtime and improve picking efficiency.

• Manufacturing (Manufacturing Management) - the functionality of component balance management allows production planners and production managers to identify the shortage of components and other unforeseen situations, to make appropriate amendments to production plans and schedules. Extended support for production outsourcing scenarios includes support for tolling in discrete production, and support for outsourcing operations for process production.

• Asset Management - Oracle Enterprise Asset Management provides map visualization functionality to simplify asset location management and work management for discrete and linear assets.

• Service (Service Management) - Oracle Service allows you to implement a common service center by using the Multi-Org Access Control (MOAC) mechanism. And users who perform service operations directly access service requests only from their service department. Custom HTML user interfaces in Oracle Field Service and Oracle TeleService applications help improve the efficiency of onsite service managers and call centers operators.

Value Chain Planning - Oracle Service Parts Planning provides functionality for the automotive and high-tech industries. The Oracle Advanced Supply Chain Planning user interface now includes the ability to work on mobile devices.

• Human Capital Management (HR) is a flexible analytical HTML panel for payroll management that allows you to quickly check readiness and provides improved payroll control for employees. Organizations can customize talent matrix across dimensions to improve talent management.

System performance

One of the main features of the previous version of Oracle E-Business Suite 12.2 is the online deployment mechanism for patch packages - Online Patching. This feature helps you complete a seamless and predictable patching process that reduces system shutdown times while maintaining high business continuity requirements. Oracle E-Business Suite improves the efficiency and transparency of Online Patching operations. Simplified patch mode for development environments allows developers to quickly apply and test code changes without using the full suite of Online Patching features. DBAs and system administrators will be able to take advantage of the system validation and patch monitoring capabilities, as well as the faster start-up and completion of middle tier procedures in the client/server architecture.

2014

14 OEBS mobile applications presented

On October 10, 2014, Oracle Corporation announced the release of 14 mobile applications for Oracle E-Business Suite. They include "horizontal" applications for all employees and business applications based on functional roles by line of business.

Applications help improve productivity and employee satisfaction by enabling them to perform simple functions while out of the office or on the go:

• Mobile Approvals - Managers can instantly respond to pending requests and search for past cost approvals, requisitions, purchase orders, and more.

• Mobile Expenses - Employees can easily and quickly record expenses as they arise, take into account expenses in the context of projects and cost centers, and upload corporate credit card details.

• Mobile Timecards - Employees and contractors can quickly specify the number of hours worked or days with minimal data entry, specify the working time for payroll and work volume accounting in projects, send and view work time records.

• Mobile iProcurement - Employees can view and track the status of purchase requisitions, including approval and delivery, to ensure that their requests are expedited.

New mobile business applications based on functional roles accelerate business operations and support informed decision-making with increased transparency and access to enterprise data and features:

• Mobile Sales Orders - Sales employees can receive up-to-date customer order information, including order numbers and status, prices, adjustments and approvals, item reservations, outstanding orders, and delivery.

• Mobile Inventory - Supply managers can quickly search and view on-the-go cash and inventory across the enterprise with all its branches, and monitor inventory and deferred movement activities.

• Mobile Product Information - Product and Supply Chain Managers can easily search and view product information, including specifications, images, consumer properties, source parameters, supplier data, and quantity on hand.

• Mobile Procurement - Purchasing professionals can track the purchasing approval process and the resulting supply exceptions, and quickly search for purchase order information to respond to requests.

• Mobile Project Manager - Project managers and employees can instantly contact the project team and customers, monitor the overall status of the project - including budget, accounts payable (payables) and invoiced, expected to be paid (receivables), disputes and change orders - and monitor budget overruns and overdue transactions.

• Mobile Discrete Production Supervisor - Site managers at discrete manufacturing facilities can easily monitor production order fulfillment and associated resources and materials, monitor exceptions, and take prompt action to block, quickly cancel, and issue production orders.

• Mobile Process Production Supervisor - Process managers can clearly monitor plant summary and batch information, including relevant milestones, materials, and exceptions. They can take prompt action to release, complete, reschedule and cancel a production batch.

• Mobile Project Manufacturing - Project managers and production managers can quickly find and manage project materials and manage the financial aspects associated with meeting project material needs.

• Mobile Maintenance - Repair and maintenance technicians can track, perform and complete the work assigned to them, as well as search for information about the life of the asset, record readings of measuring instruments. equipment, as well as draw up and fill out applications for work and repair orders.

• Mobile Field Service - Field technicians can remotely receive service requests, product requests, customer requirements, and other information related to their work tasks. Technicians can update tasks; Collect detailed information on materials, timelines, and prices. Obtain inventory level information return, transfer or request spare parts and components regardless of access to; and Internet synchronize data online.

The applications are available for free to licensed users and are compatible with both Oracle E-Business Suite 12.1.3 and Oracle E-Business Suite 12.2, allowing organizations to deploy them without having to upgrade.

The new apps are available for iOS in the Apple App Store and are slated for release for Android.

Oracle E-Business Suite 12.2.4

On August 21, 2014, Oracle announced the launch of Oracle E-Business Suite 12.2.4.

The new version offers an updated user interface, improvements in many functional areas, based on the experience of Oracle clients, expanded integration with cloud solutions of the vendor.

Customers using Oracle E-Business Suite 12.2 can use online patching to access the latest functionality.

The updated Oracle E-Business Suite helps organizations optimize, business processes reduce costs, and respond quickly to market changes by offering improvements in the following areas of Enterprise Resource Planning: ERP

• Oracle Financials - Reduce approval cycles by concurrently approving invoices. One mass distribution formula is used to generate distribution postings for all master books in a set. Integration with Oracle Revenue Management Cloud enables you to leverage the benefits of this business application for compliance in revenue recognition.
• Oracle Projects - Enhancements to Oracle Project Contracts and Oracle Project Billing solutions allow federal contractors to improve cash flow, increase transparency and control, and automate billing.
• Oracle Purchasing - The ability to create and modify supply order lines, delivery schedules, and distributions through spreadsheets that allow you to download data using Web ADI improves the customer's performance when processing large orders.
• Oracle iProcurement - A simplified one-step review process allows employees to quickly complete purchases and start the claim approval process.
• Oracle Procurement Contracts - Improve customer productivity by auditing contract documents and reviewing detailed information on policy deviations and added terms and conditions.
• Oracle Services Procurement - Enhanced functionality gives purchasing professionals greater flexibility to support a wide range of complex order scenarios.
• Oracle Channel Revenue Management - Improved wholesale opportunity and simplified interface help users quickly adapt to changing business environments.

Helping organizations turn supply chains from a functional need into a competitive advantage, the new version of Oracle E-Business Suite offers improved management capabilities (supply chains Supply Chain Management,): SCM

• Oracle Order Management - The new HTML user interface provides ease of use, added flexibility, and advanced capabilities.
• Oracle Yard Management is a new business application that allows manufacturing companies, distributors and capital-intensive enterprises to manage and track the flow of vehicles and their cargo entering and leaving the territory of distribution centers, production complexes, transport terminals and other sites.
• Oracle Manufacturing - Greatly facilitates the use of the Oracle Manufacturing Execution System (MES) to improve operator efficiency by simplifying the entry of time and quality control data. New capabilities to manage the disassembly of serial product assemblies are supported when customers return products and enable internal reuse of components.
• Oracle Enterprise Asset Management - Improvements made to support line asset management in industries such as oil and gas, utilities, and the public sector help improve efficiency, as well as eliminate the need for expensive integration and system refinements.
• Oracle Service - An improved spare parts dashboard improves the performance of planners.
• Oracle Value Chain Planning provides numerous enhancements across a wide range of business applications, including expanding industry functionality such as managing the minimum remaining shelf life of pharmaceutical and consumer products, synchronizing multi-stage manufacturing for the process manufacturing industry, and integrating Oracle Service Parts Planning and Oracle Enterprise Asset Management solutions for capital-intensive industries. New marketing planning analysis tools at Oracle Advanced Planning Command Center improve business understanding.

To help organizations modernizing Human Capital Management (HCM), the new version of Oracle E-Business Suite offers improvements:

• Oracle Payroll - a dashboard for payroll management allows you to easily monitor readiness, reconcile data, and explore analytics throughout the payroll management cycle, helping payroll employees gain a complete understanding of payroll processes, eliminate costly errors, and improve performance.
• Oracle Self-Service Human Resources - The Operations Dashboard allows employees and managers to track the approval processes of self-service operations and review parts at any time after final approval.
• Oracle Learning Management - An improved user interface allows employees to easily search the training course catalog, more fully engage in training, and share experiences with other students.

Simplifying the use of business applications, the new version of Oracle E-Business Suite offers user interface design improvements:

• Optimized for tablet touchscreens, including larger buttons and gesture support.
• Enable the user to hide/show table columns and save changes as custom personalization.
• A simplified home page with color icons makes it easy to access frequently used functions, and a convenient universal global control panel at the top of the screen provides easy access to common functions from any page.
• More granular configuration of proxy access provides greater control over the authorization of other Oracle E-Business Suite users.

2013: Oracle E-Business Suite 12.2

On September 19, 2013, Oracle announced the launch of a new version of Oracle E-Business Suite 12.2.

High availability of enterprise systems requires continuity of key business processes and Oracle has released Oracle E-Business Suite 12.2. The new version includes the functionality of online deployment of Online Patching patches, which significantly reduces the periods of scheduled maintenance. The updated software suite improves efficiency by leveraging the latest Oracle platform functionality and cross-industry enhancements for core business applications.

Oracle E-Business Suite 12.2 leverages the Oracle Fusion Middleware integrated technology stack to improve efficiency and improve application availability, performance, and scalability.

Functional innovations

Oracle's integrated E-Business Suite offers hundreds of cross-industry functionality covering Enterprise Resource Planning, Human Capital Management, and Supply Chain Management, helping to manage business in a global society.

Oracle E-Business Suite 12.2 helps you optimize your business processes, helps you reduce costs, and enables you to respond quickly to market changes. The new version includes improvements:

• Oracle Contract Lifecycle Management for Public Sector is an integrated procurement management solution that improves the efficiency of procurement processes in the public sector, ensuring compliance with rules and regulatory regulations.
• Oracle Financials - Integration with Oracle Fusion Accounting Hub and Oracle Data Relationship Management helps companies improve automation and efficiency by supporting evolving accounting and reporting requirements.
• Oracle Projects - Expanding the payroll allocation structure improves cost control and accelerates project cash flows.
• Oracle Purchasing - Improved integration, automation of complex hierarchical approval processes, and built-in best business practices improve the efficiency of the entire procurement cycle.
• Oracle Supplier Lifecycle Management - Advanced vendor evaluation user interface, qualification redirection tools, and mandatory documentation maintenance enable organizations to streamline vendor evaluation processes.

The new version of Oracle E-Business Suite provides supply chain management capabilities:

• Oracle Order Management - A new subscription service sales solution leverages Oracle Configurator effectively to provide users with the ability to configure and sell products along with their service subscription in a single order.
• Oracle Warehouse Management - Optimized mobile user interfaces, advanced management tools, advanced dual-unit accounting, and enhancement capabilities provide greater flexibility in operations.
• Oracle Manufacturing Execution System - simplification of use, including in urgent serial production, increases the productivity of production line operators (shops) and increases the level of compliance with regulatory standards through standardization. In addition, Oracle's Kanban Inventory Planning and Supply Management solution enables enterprises to successfully implement lean manufacturing concepts.
• Oracle Enterprise Asset Management - Improved safety support helps prevent injuries.

To upgrade methods Human Resources Management to a new version of Oracle, E-Business Suite has:

• Oracle Payroll and Oracle Time and Labor - the simplest, for managers, payroll functions help reduce project costs, optimize labor management.

2008:87 projects in Russia

Oracle Clients in Russia (ERP) main article "

According to the data, TAdviser as of October 2008 Russia , 87 implementation projects were implemented in (ERP systems Oracle 10th place in terms of the number of ERP projects).

Notes