PatchSiren cyber security CVE debrief
CVE-2026-46872 Oracle Corporation CVE debrief
A critical vulnerability was discovered in Oracle Enterprise Manager Base Platform, affecting versions 13.5 and 24.1. The vulnerability allows high privileged attackers with network access via HTTPS to compromise the platform, potentially impacting additional products. Successful attacks can result in unauthorized creation, deletion, or modification of critical data, unauthorized read access to a subset of data, and unauthorized ability to cause a hang or frequently repeatable crash of the platform.
- Vendor
- Oracle Corporation
- Product
- Oracle Enterprise Manager Base Platform
- CVSS
- CRITICAL 9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Organizations using Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 should prioritize patching this vulnerability to prevent potential exploitation. This is crucial for operators managing these platforms, as it can impact their ability to maintain system integrity and availability. Vulnerability management and security teams should also be aware of this issue to ensure proper mitigation and remediation efforts are in place, including reviewing compensating controls and monitoring for suspicious activity.
Technical summary
The vulnerability has a CVSS 3.1 Base Score of 9.0, indicating critical severity. It is easily exploitable and allows high privileged attackers with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. The vulnerability can result in unauthorized creation, deletion, or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data, as well as unauthorized read access to a subset of data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the platform.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by Oracle Corporation to vulnerable versions of Oracle Enterprise Manager Base Platform.
- Implement compensating controls, such as network segmentation or access controls, to limit the attack surface.
- Monitor Oracle Enterprise Manager Base Platform for suspicious activity and implement incident response plans.
- Conduct regular vulnerability assessments and inventory checks to ensure the platform is up-to-date and patched.
- Consider implementing additional security measures, such as intrusion detection and prevention systems.
Evidence notes
The CVE record was published on 2026-06-17T10:54:04.907Z and last modified on 2026-06-17T17:17:15.893Z. The NVD entry is currently Modified. The vulnerability has a CVSS Vector of (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H).
Official resources
-
CVE-2026-46872 CVE record
CVE.org
-
CVE-2026-46872 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:04.907Z and has not been modified since then. The NVD entry is currently Modified.