CVE Catalog

CVE-2026-46866

HighCVSS 8.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

30th percentile — higher than 30% of all known CVEs

Summary

Vulnerability in the Oracle Enterprise Manager Base Platform product, affecting versions 13.5 and 24.1, allows an unauthenticated attacker with network access via HTTPS to compromise the platform, potentially leading to hangs or frequent crashes and unauthorized access to data.

Risk Assessment

An attacker could cause complete denial of service for Oracle Enterprise Manager and gain unauthorized access to data, leading to serious consequences for the organization.

Recommendation

It is recommended to update to the latest version of Oracle Enterprise Manager and implement appropriate security measures to restrict system access to authorized users.

Original NVD description (English source)

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 8.2 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS