PatchSiren cyber security CVE debrief
CVE-2026-46894 Oracle Corporation CVE debrief
A vulnerability exists in Oracle iSupplier Portal, a component of Oracle E-Business Suite. The affected versions are 12.2.3 to 12.2.15. This vulnerability is easily exploitable by a low-privileged attacker with network access via HTTPS. Successful attacks require human interaction from another person. Successful attacks can result in a takeover of Oracle iSupplier Portal. The CVSS 3.1 Base Score is 8.0, impacting Confidentiality, Integrity, and Availability.
- Vendor
- Oracle Corporation
- Product
- Oracle iSupplier Portal
- CVSS
- HIGH 8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Oracle iSupplier Portal versions 12.2.3 to 12.2.15 should prioritize patching this vulnerability. The vulnerability's high CVSS score of 8.0 indicates a significant risk, with potential impacts on confidentiality, integrity, and availability. Low-privileged attackers with network access via HTTPS can exploit this vulnerability, which requires human interaction from another person.
Technical summary
The vulnerability in Oracle iSupplier Portal (CVE-2026-46894) has a CVSS 3.1 Base Score of 8.0, classified as HIGH. It is easily exploitable by a low-privileged attacker with network access via HTTPS. The attack requires human interaction from a person other than the attacker. Successful attacks can lead to the takeover of Oracle iSupplier Portal, impacting Confidentiality, Integrity, and Availability. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.
Defensive priority
High priority should be given to patching CVE-2026-46894 in Oracle iSupplier Portal versions 12.2.3 to 12.2.15. The vulnerability's ease of exploitation and potential for significant impact make it critical to address. Implementing compensating controls and closely monitoring for exploitation attempts are also recommended.
Recommended defensive actions
- Apply the vendor-provided patch as soon as possible.
- Restrict network access to Oracle iSupplier Portal to only necessary personnel.
- Monitor for suspicious activity and implement additional security measures to detect potential exploitation attempts.
- Ensure human interaction is scrutinized to prevent social engineering attacks.
- Review and update security policies to reflect the importance of patch management.
Evidence notes
The CVE record was published on 2026-06-17T10:54:07.113Z and was last modified on 2026-06-18T17:38:09.917Z. The NVD entry is currently Analyzed. The vulnerability details are based on the official CVE and NVD sources.
Official resources
-
CVE-2026-46894 CVE record
CVE.org
-
CVE-2026-46894 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:07.113Z and has not been modified since then. The NVD entry is currently Analyzed.