CRITICAL🇵🇱 Wersja polska

CVE-2026-46817

CVSS 9.8v3.1pub. 2026-05-28upd. 2026-06-04

Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

🤖 AI Analysis
How it works

An attacker with network access to the system via HTTP protocol can exploit inadequate authentication or authorization controls in the File Transmission component (CWE-287, CWE-306, CWE-269). The vulnerability allows unauthorized access to system functions without the need to possess credentials. The low complexity of the attack and lack of prerequisites make this vulnerability particularly dangerous in network-exposed environments.

Impact

A successful attack leads to complete takeover of the Oracle Payments system, with the potential to compromise confidentiality, integrity, and availability of data and financial services handled by this product.

Mitigation & patch

Apply patches available from the vendor in accordance with the references — Oracle Critical Patch Update (CPU) from May 2026, available at: https://www.oracle.com/security-alerts/cspumay2026.html

Who is affected

Oracle Payments within Oracle E-Business Suite, versions 12.2.3 to 12.2.15 (inclusive), File Transmission component.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle E Business Suite

    APP
    Oracle
    12.2.3 – 12.2.15
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassDoS
CWE
References

Related vulnerabilities

CVE-2022-21587CRITICAL9.8⚠ KEVten sam produkt

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component:...

CVE-2026-46819CRITICAL9.1PL ✓ten sam produkt

Krytyczny Auth Bypass w Oracle Internet Procurement Connector (E-Business Suite)

CVE-2025-30727CRITICAL9.8PL ✓ten sam produkt

Krytyczny Auth Bypass w Oracle E-Business Suite — moduł iSurvey

CVE-2019-2489CRITICAL9.1ten sam produkt

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Que...

CVE-2019-2453CRITICAL9.1ten sam produkt

Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Perform...