CVE Catalog

CVE-2026-46898

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core) affects versions V15 and V16. It allows an easily exploitable attack by an unauthenticated attacker with network access via HTTPS, potentially leading to unauthorized creation, deletion, or modification of critical data.

Risk Assessment

An attacker could gain unauthorized access to critical data or complete access to all data accessible in the Oracle Enterprise Command Center Framework, posing a serious threat to the integrity and confidentiality of the organization's data.

Recommendation

It is recommended to update to the latest version of Oracle E-Business Suite and implement additional security measures to restrict system access to authorized users only.

Original NVD description (English source)

Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Command Center Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Command Center Framework accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS