CVE Catalog

CVE-2026-46949

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.40%

31th percentile — higher than 31% of all known CVEs

Summary

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite allows unauthenticated attackers with network access via HTTP to compromise the system. Versions 12.2.3-12.2.15 are susceptible to easily exploitable attacks.

Risk Assessment

An attacker could gain unauthorized access to critical data, potentially leading to unauthorized creation, deletion, or modification of data. This poses a significant threat to the integrity and confidentiality of data within the system.

Recommendation

It is recommended to upgrade to the latest version of Oracle E-Business Suite to mitigate the risks associated with this vulnerability. Additionally, implementing appropriate network security measures to restrict access to the system is advisable.

Original NVD description (English source)

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Outbound Telephony accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS