CVE Catalog

CVE-2026-46858

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.45%

35th percentile — higher than 35% of all known CVEs

Summary

A vulnerability in the APM - Application Performance Management product of Oracle Enterprise Manager (component: JADM, JVM Diagnostics) allows easy exploitation by an unauthenticated attacker with network access via HTTP. It can lead to unauthorized creation, deletion, or modification of critical data and complete denial of service of APM.

Risk Assessment

An attacker could gain access to critical data and cause system crashes, leading to significant disruptions in organizational operations.

Recommendation

It is recommended to update to the latest version of APM software and implement appropriate security measures to restrict system access to authorized users.

Original NVD description (English source)

Vulnerability in the APM - Application Performance Management product of Oracle Enterprise Manager (component: JADM, JVM Diagnostics). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise APM - Application Performance Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all APM - Application Performance Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of APM - Application Performance Management. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS