Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Oracle Financials for EMEA by Oracle Corporation
CVE-2026-46969 (GCVE-0-2026-46969)
Vulnerability from nvd – Published: 2026-06-16 19:28 – Updated: 2026-06-17 17:17
VLAI
Summary
Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials for EMEA. Successful attacks of this vulnerability can result in takeover of Oracle Financials for EMEA. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials for EMEA. Successful attacks of this vulnerability can result in takeover of Oracle Financials for EMEA.
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cspujun2026.html | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle Corporation | Oracle Financials for EMEA |
Affected:
12.2.3 , ≤ 12.2.15
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T17:15:52.973912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T17:17:08.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Financials for EMEA",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThanOrEqual": "12.2.15",
"status": "affected",
"version": "12.2.3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:financials_for_emea:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12.2.15",
"versionStartIncluding": "12.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials for EMEA. Successful attacks of this vulnerability can result in takeover of Oracle Financials for EMEA. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials for EMEA. Successful attacks of this vulnerability can result in takeover of Oracle Financials for EMEA.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T19:28:05.718Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cspujun2026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2026-46969",
"datePublished": "2026-06-16T19:28:05.718Z",
"dateReserved": "2026-05-18T15:55:10.314Z",
"dateUpdated": "2026-06-17T17:17:08.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-46969 (GCVE-0-2026-46969)
Vulnerability from cvelistv5 – Published: 2026-06-16 19:28 – Updated: 2026-06-17 17:17
VLAI
Summary
Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials for EMEA. Successful attacks of this vulnerability can result in takeover of Oracle Financials for EMEA. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials for EMEA. Successful attacks of this vulnerability can result in takeover of Oracle Financials for EMEA.
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.oracle.com/security-alerts/cspujun2026.html | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle Corporation | Oracle Financials for EMEA |
Affected:
12.2.3 , ≤ 12.2.15
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-46969",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-17T17:15:52.973912Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-17T17:17:08.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Oracle Financials for EMEA",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThanOrEqual": "12.2.15",
"status": "affected",
"version": "12.2.3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:financials_for_emea:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12.2.15",
"versionStartIncluding": "12.2.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials for EMEA. Successful attacks of this vulnerability can result in takeover of Oracle Financials for EMEA. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials for EMEA. Successful attacks of this vulnerability can result in takeover of Oracle Financials for EMEA.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-16T19:28:05.718Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cspujun2026.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2026-46969",
"datePublished": "2026-06-16T19:28:05.718Z",
"dateReserved": "2026-05-18T15:55:10.314Z",
"dateUpdated": "2026-06-17T17:17:08.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}