CVE Catalog

CVE-2026-46930

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

31th percentile — higher than 31% of all known CVEs

Summary

Vulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite allows unauthenticated attackers with network access via HTTPS to compromise the system. Attackers can gain unauthorized access to critical data and have the ability to create, delete, or modify it.

Risk Assessment

The risk to the organization includes the potential for unauthorized access to sensitive data and its modification, which can lead to serious consequences for data integrity and confidentiality.

Recommendation

It is recommended to update to the latest version of Oracle In-Memory Cost Management and implement appropriate security measures to restrict system access to authorized users.

Original NVD description (English source)

Vulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.12-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle In-Memory Cost Management for Discrete Industries. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle In-Memory Cost Management for Discrete Industries accessible data as well as unauthorized access to critical data or complete access to all Oracle In-Memory Cost Management for Discrete Industries accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS