CVE-2026-46858
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
A vulnerability in the APM - Application Performance Management product of Oracle Enterprise Manager (component: JADM, JVM Diagnostics) allows easy exploitation by an unauthenticated attacker with network access via HTTP. It can lead to unauthorized creation, deletion, or modification of critical data and complete denial of service of APM.
Risk Assessment
An attacker could gain access to critical data and cause system crashes, leading to significant disruptions in organizational operations.
Recommendation
It is recommended to update to the latest version of APM software and implement appropriate security measures to restrict system access to authorized users.
Original NVD description (English source)
Vulnerability in the APM - Application Performance Management product of Oracle Enterprise Manager (component: JADM, JVM Diagnostics). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise APM - Application Performance Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all APM - Application Performance Management accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of APM - Application Performance Management. CVSS 3.1 Base Score 9.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).

