Threat Intelligence Database

A vulnerability (CVE-2026-46935) exists in Oracle Complex Maintenance, Repair and Overhaul component of Oracle E-Business Suite versions 12.2.3 through 12.2.15. It allows a low privileged attacker with network access via HTTP to potentially compromise the product, leading to full takeover. The vulnerability is rated high severity with a CVSS 3.1 base score of 7.5, impacting confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update in June 2026 addressing this and many other vulnerabilities. Customers are strongly advised to apply the available patches promptly to mitigate risk.

CVE-2026-46934 is a high-severity vulnerability in Oracle Complex Maintenance, Repair and Overhaul component of Oracle E-Business Suite versions 12.2.3 through 12.2.15. It allows a low privileged attacker with network access via HTTP to potentially take over the affected product. The vulnerability impacts confidentiality, integrity, and availability with a CVSS 3.1 base score of 7.5. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory, which contains numerous patches across multiple products. Oracle strongly recommends applying the provided security patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or removing unnecessary privileges, though these may affect functionality.

CVE-2026-46915 is a high-severity vulnerability in Oracle Complex Maintenance, Repair and Overhaul, part of Oracle E-Business Suite. It affects version 12.2.3 and allows a low privileged attacker with network access via HTTP to potentially take over the affected product. The vulnerability has a CVSS 3.1 base score of 8.5, indicating high impact on confidentiality, integrity, and availability. Exploitation is difficult but could lead to significant compromise, including impact on additional Oracle products. Oracle has released a Critical Security Patch Update advisory recommending prompt patching and mitigation steps. No explicit patch version or fix is stated in the advisory for this specific CVE, but customers are urged to apply the June 2026 Critical Security Patch Update. Mitigations include blocking required network protocols and restricting privileges for users without need. No known exploits in the wild have been reported.