Threat Intelligence Database

CVE-2026-46950 is a high-severity vulnerability in Oracle Advanced Outbound Telephony (part of Oracle E-Business Suite) versions 12.2.3 through 12.2.15. It allows a low privileged attacker with network access via HTTP to compromise the product, potentially resulting in full takeover. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory, strongly recommending prompt patching. No explicit patch version is stated in the input, but Oracle advises applying the Critical Security Patch Update to mitigate this and other vulnerabilities. Until patches are applied, risk reduction may be possible by blocking required network protocols or removing unnecessary privileges, though these may affect functionality.

CVE-2026-46949 is a critical vulnerability in Oracle Advanced Outbound Telephony (part of Oracle E-Business Suite) versions 12.2.3 through 12.2.15. It allows an unauthenticated attacker with network access via HTTP to gain unauthorized creation, deletion, or modification access to critical data. The vulnerability has a CVSS 3.1 base score of 9.1, indicating high confidentiality and integrity impact without requiring user interaction or privileges. Oracle has released a Critical Security Patch Update addressing this and many other vulnerabilities and strongly recommends applying these patches promptly. Until patched, risk reduction may be possible by blocking required network protocols or restricting privileges, though these may impact functionality.

CVE-2026-46947 is a high-severity vulnerability in Oracle Advanced Outbound Telephony (part of Oracle E-Business Suite) versions 12.2.3 through 12.2.15. It allows a low privileged attacker with network access via HTTP to compromise the product, potentially leading to full takeover. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory and strongly recommends applying the patches promptly. Mitigations include applying the official patches and restricting network access or privileges where feasible until patched. No known exploits in the wild have been reported yet.