PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46872 Oracle Corporation CVE debrief

A critical vulnerability was discovered in Oracle Enterprise Manager Base Platform, affecting versions 13.5 and 24.1. The vulnerability allows high privileged attackers with network access via HTTPS to compromise the platform, potentially impacting additional products. Successful attacks can result in unauthorized creation, deletion, or modification of critical data, unauthorized read access to a subset of data, and unauthorized ability to cause a hang or frequently repeatable crash of the platform.

Vendor
Oracle Corporation
Product
Oracle Enterprise Manager Base Platform
CVSS
CRITICAL 9
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Organizations using Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 should prioritize patching this vulnerability to prevent potential exploitation. This is crucial for operators managing these platforms, as it can impact their ability to maintain system integrity and availability. Vulnerability management and security teams should also be aware of this issue to ensure proper mitigation and remediation efforts are in place, including reviewing compensating controls and monitoring for suspicious activity.

Technical summary

The vulnerability has a CVSS 3.1 Base Score of 9.0, indicating critical severity. It is easily exploitable and allows high privileged attackers with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. The vulnerability can result in unauthorized creation, deletion, or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data, as well as unauthorized read access to a subset of data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the platform.

Defensive priority

High

Recommended defensive actions

  • Apply patches or updates provided by Oracle Corporation to vulnerable versions of Oracle Enterprise Manager Base Platform.
  • Implement compensating controls, such as network segmentation or access controls, to limit the attack surface.
  • Monitor Oracle Enterprise Manager Base Platform for suspicious activity and implement incident response plans.
  • Conduct regular vulnerability assessments and inventory checks to ensure the platform is up-to-date and patched.
  • Consider implementing additional security measures, such as intrusion detection and prevention systems.

Evidence notes

The CVE record was published on 2026-06-17T10:54:04.907Z and last modified on 2026-06-17T17:17:15.893Z. The NVD entry is currently Modified. The vulnerability has a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H).

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:04.907Z and has not been modified since then. The NVD entry is currently Modified.