PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46894 Oracle Corporation CVE debrief

A vulnerability exists in Oracle iSupplier Portal, a component of Oracle E-Business Suite. The affected versions are 12.2.3 to 12.2.15. This vulnerability is easily exploitable by a low-privileged attacker with network access via HTTPS. Successful attacks require human interaction from another person. Successful attacks can result in a takeover of Oracle iSupplier Portal. The CVSS 3.1 Base Score is 8.0, impacting Confidentiality, Integrity, and Availability.

Vendor
Oracle Corporation
Product
Oracle iSupplier Portal
CVSS
HIGH 8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-18
Advisory published
2026-06-17
Advisory updated
2026-06-18

Who should care

Organizations using Oracle iSupplier Portal versions 12.2.3 to 12.2.15 should prioritize patching this vulnerability. The vulnerability's high CVSS score of 8.0 indicates a significant risk, with potential impacts on confidentiality, integrity, and availability. Low-privileged attackers with network access via HTTPS can exploit this vulnerability, which requires human interaction from another person.

Technical summary

The vulnerability in Oracle iSupplier Portal (CVE-2026-46894) has a CVSS 3.1 Base Score of 8.0, classified as HIGH. It is easily exploitable by a low-privileged attacker with network access via HTTPS. The attack requires human interaction from a person other than the attacker. Successful attacks can lead to the takeover of Oracle iSupplier Portal, impacting Confidentiality, Integrity, and Availability. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

Defensive priority

High priority should be given to patching CVE-2026-46894 in Oracle iSupplier Portal versions 12.2.3 to 12.2.15. The vulnerability's ease of exploitation and potential for significant impact make it critical to address. Implementing compensating controls and closely monitoring for exploitation attempts are also recommended.

Recommended defensive actions

  • Apply the vendor-provided patch as soon as possible.
  • Restrict network access to Oracle iSupplier Portal to only necessary personnel.
  • Monitor for suspicious activity and implement additional security measures to detect potential exploitation attempts.
  • Ensure human interaction is scrutinized to prevent social engineering attacks.
  • Review and update security policies to reflect the importance of patch management.

Evidence notes

The CVE record was published on 2026-06-17T10:54:07.113Z and was last modified on 2026-06-18T17:38:09.917Z. The NVD entry is currently Analyzed. The vulnerability details are based on the official CVE and NVD sources.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:07.113Z and has not been modified since then. The NVD entry is currently Analyzed.