CVE-2026-34279: Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. in Oracle Corporation Oracle Enterprise Manager Base Platform
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
AI Analysis
Technical Summary
This vulnerability affects the Event Management component of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. It is easily exploitable by an attacker with high privileges and network access via HTTP, allowing compromise and potential takeover of the platform. The vulnerability's impact extends beyond the base platform to other Oracle products (scope change). The CVSS 3.1 vector indicates network attack vector, low attack complexity, high privileges required, no user interaction, scope changed, and high impacts on confidentiality, integrity, and availability (9.1 base score). Oracle has addressed this vulnerability in its April 2026 Critical Patch Update, which includes patches for this and many other vulnerabilities. Customers should consult the official Oracle advisory for patch availability and installation instructions.
Potential Impact
Successful exploitation can lead to complete compromise and takeover of the Oracle Enterprise Manager Base Platform, affecting confidentiality, integrity, and availability of the system. The vulnerability's scope change means additional Oracle products integrated with or dependent on the base platform may also be impacted. This could result in significant operational and security risks for affected organizations.
Mitigation Recommendations
Oracle has released patches for this vulnerability as part of the April 2026 Critical Patch Update. Customers are strongly advised to apply this update without delay to remediate the vulnerability. There are no indications that the vulnerability is mitigated by default or that no action is required. Patch status is confirmed via the vendor advisory. No known exploits are reported in the wild, but timely patching is critical to prevent potential exploitation.
CVE-2026-34279: Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. in Oracle Corporation Oracle Enterprise Manager Base Platform
Description
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the Event Management component of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. It is easily exploitable by an attacker with high privileges and network access via HTTP, allowing compromise and potential takeover of the platform. The vulnerability's impact extends beyond the base platform to other Oracle products (scope change). The CVSS 3.1 vector indicates network attack vector, low attack complexity, high privileges required, no user interaction, scope changed, and high impacts on confidentiality, integrity, and availability (9.1 base score). Oracle has addressed this vulnerability in its April 2026 Critical Patch Update, which includes patches for this and many other vulnerabilities. Customers should consult the official Oracle advisory for patch availability and installation instructions.
Potential Impact
Successful exploitation can lead to complete compromise and takeover of the Oracle Enterprise Manager Base Platform, affecting confidentiality, integrity, and availability of the system. The vulnerability's scope change means additional Oracle products integrated with or dependent on the base platform may also be impacted. This could result in significant operational and security risks for affected organizations.
Mitigation Recommendations
Oracle has released patches for this vulnerability as part of the April 2026 Critical Patch Update. Customers are strongly advised to apply this update without delay to remediate the vulnerability. There are no indications that the vulnerability is mitigated by default or that no action is required. Patch status is confirmed via the vendor advisory. No known exploits are reported in the wild, but timely patching is critical to prevent potential exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-03-26T19:48:45.675Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cpuapr2026.html","vendor":"Oracle"}]
Threat ID: 69e7e5a219fe3cd2cdf9f7c3
Added to database: 4/21/2026, 9:01:22 PM
Last enriched: 4/21/2026, 10:01:32 PM
Last updated: 4/22/2026, 7:24:09 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.