PatchSiren cyber security CVE debrief
CVE-2026-46854 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle Enterprise Manager Base Platform, specifically in the Target Management component. The vulnerability, tracked as CVE-2026-46854, has a CVSS score of 9.9 and allows a low-privileged attacker with network access via HTTP to compromise the platform, potentially impacting additional products. Successful attacks can result in takeover of Oracle Enterprise Manager Base Platform.
- Vendor
- Oracle Corporation
- Product
- Oracle Enterprise Manager Base Platform
- CVSS
- CRITICAL 9.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 should prioritize patching this vulnerability to prevent potential takeover of the platform. Affected operators, platform administrators, vulnerability management teams, and security teams should review and act on this vulnerability.
Technical summary
CVE-2026-46854 is a vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by Oracle Corporation
- Restrict network access to Oracle Enterprise Manager Base Platform
- Monitor for suspicious activity
- Implement compensating controls
- Verify inventory and perform retesting
- Review relevant monitoring, detection, and logs for exposed assets
- Track exceptions and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-06-17T10:54:03.013Z and was last modified on 2026-06-18T04:16:49.340Z. The NVD entry is currently Analyzed. Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 are confirmed affected. Defenders should verify inventory and perform retesting.
Official resources
-
CVE-2026-46854 CVE record
CVE.org
-
CVE-2026-46854 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:03.013Z and has not been modified since then. The NVD entry is currently Analyzed.