CVE-2026-46934: Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair and Overhaul. Successful attacks of this vulnerability can result in takeover of Oracle Complex Maintenance, Repair and Overhaul. in Oracle Corporation Oracle Complex Maintenance, Repair and Overhaul
CVE-2026-46934 is a high-severity vulnerability in Oracle Complex Maintenance, Repair and Overhaul component of Oracle E-Business Suite versions 12.2.3 through 12.2.15. It allows a low privileged attacker with network access via HTTP to potentially take over the affected product. The vulnerability impacts confidentiality, integrity, and availability with a CVSS 3.1 base score of 7.5. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory, which contains numerous patches across multiple products. Oracle strongly recommends applying the provided security patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or removing unnecessary privileges, though these may affect functionality.
AI Analysis
Technical Summary
CVE-2026-46934 is a vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product (part of Oracle E-Business Suite) affecting versions 12.2.3 through 12.2.15. The flaw allows a low privileged attacker with network access via HTTP to compromise the product, potentially resulting in full takeover. The vulnerability has a CVSS 3.1 score of 7.5, indicating high impact on confidentiality, integrity, and availability. Oracle has published this vulnerability in its June 2026 Critical Security Patch Update advisory, which includes 245 security patches across multiple Oracle products. The advisory emphasizes the importance of applying patches without delay and notes that Oracle continues to see exploitation attempts against vulnerabilities for which patches exist but have not been applied. No explicit patch availability or remediation level is stated for this specific CVE in the advisory, but the overall update strongly recommends applying the June 2026 Critical Security Patch Update.
Potential Impact
Successful exploitation of this vulnerability can lead to complete takeover of the Oracle Complex Maintenance, Repair and Overhaul product, impacting confidentiality, integrity, and availability of the system. The attacker requires only low privileges and network access via HTTP, though the vulnerability is described as difficult to exploit. This could allow unauthorized access and control over the affected Oracle E-Business Suite component.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update, which addresses this vulnerability among others. Until patches are applied, risk can be partially mitigated by blocking network protocols required for exploitation and removing unnecessary privileges from users. However, these mitigations may disrupt application functionality. There is no explicit statement that a patch for this specific vulnerability is separately available outside the June 2026 update. Patch status is not yet confirmed explicitly for this CVE; customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for the latest remediation guidance and patch availability.
CVE-2026-46934: Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair and Overhaul. Successful attacks of this vulnerability can result in takeover of Oracle Complex Maintenance, Repair and Overhaul. in Oracle Corporation Oracle Complex Maintenance, Repair and Overhaul
Description
CVE-2026-46934 is a high-severity vulnerability in Oracle Complex Maintenance, Repair and Overhaul component of Oracle E-Business Suite versions 12.2.3 through 12.2.15. It allows a low privileged attacker with network access via HTTP to potentially take over the affected product. The vulnerability impacts confidentiality, integrity, and availability with a CVSS 3.1 base score of 7.5. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory, which contains numerous patches across multiple products. Oracle strongly recommends applying the provided security patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or removing unnecessary privileges, though these may affect functionality.
CVSS v3.1
Score 7.5high
Affected software
pkg:maven/com.oracle/complex-maintenance-repair-and-overhaulRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-46934 is a vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product (part of Oracle E-Business Suite) affecting versions 12.2.3 through 12.2.15. The flaw allows a low privileged attacker with network access via HTTP to compromise the product, potentially resulting in full takeover. The vulnerability has a CVSS 3.1 score of 7.5, indicating high impact on confidentiality, integrity, and availability. Oracle has published this vulnerability in its June 2026 Critical Security Patch Update advisory, which includes 245 security patches across multiple Oracle products. The advisory emphasizes the importance of applying patches without delay and notes that Oracle continues to see exploitation attempts against vulnerabilities for which patches exist but have not been applied. No explicit patch availability or remediation level is stated for this specific CVE in the advisory, but the overall update strongly recommends applying the June 2026 Critical Security Patch Update.
Potential Impact
Successful exploitation of this vulnerability can lead to complete takeover of the Oracle Complex Maintenance, Repair and Overhaul product, impacting confidentiality, integrity, and availability of the system. The attacker requires only low privileges and network access via HTTP, though the vulnerability is described as difficult to exploit. This could allow unauthorized access and control over the affected Oracle E-Business Suite component.
Mitigation Recommendations
Oracle strongly recommends applying the June 2026 Critical Security Patch Update, which addresses this vulnerability among others. Until patches are applied, risk can be partially mitigated by blocking network protocols required for exploitation and removing unnecessary privileges from users. However, these mitigations may disrupt application functionality. There is no explicit statement that a patch for this specific vulnerability is separately available outside the June 2026 update. Patch status is not yet confirmed explicitly for this CVE; customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for the latest remediation guidance and patch availability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- oracle
- Date Reserved
- 2026-05-18T15:55:10.312Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","vendor":"Oracle"}]
Threat ID: 6a31b62d0b89be68882666e5
Added to database: 6/16/2026, 8:46:37 PM
Last enriched: 6/16/2026, 9:16:48 PM
Last updated: 6/17/2026, 5:11:15 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.