PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46932 Oracle Corporation CVE debrief

A vulnerability was discovered in Oracle Enterprise Asset Management, a product of Oracle E-Business Suite. The vulnerability affects versions 12.2.3-12.2.15 and allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to critical data and partial denial of service. This vulnerability has a high severity level with a CVSS 3.1 Base Score of 7.1.

Vendor
Oracle Corporation
Product
Oracle Enterprise Asset Management
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Organizations using Oracle Enterprise Asset Management versions 12.2.3-12.2.15 should prioritize patching this vulnerability to prevent potential data breaches and service disruptions. Operators, platform administrators, vulnerability management teams, and security teams should be aware of the potential impact and take necessary actions.

Technical summary

The vulnerability, CVE-2026-46932, has a CVSS 3.1 Base Score of 7.1, indicating a high severity level. It is classified under CWE-284 and allows for unauthorized access to critical data and partial denial of service. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L. This vulnerability affects Oracle Enterprise Asset Management versions 12.2.3-12.2.15, allowing a low-privileged attacker with network access via HTTP to compromise the system.

Defensive priority

High

Recommended defensive actions

  • Apply the patch from Oracle as soon as possible
  • Conduct a thorough inventory check to identify affected systems
  • Implement compensating controls to monitor and restrict access to critical data
  • Review and update network access controls to prevent exploitation
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-06-17T10:54:12.707Z and last modified on 2026-06-17T17:17:04.133Z. The NVD entry is currently Analyzed. The vulnerability is described in the Oracle security alert for June 2026. The source item URL for CVE-2026-46932 is available for further information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:12.707Z and has not been modified since then. The NVD entry is currently Analyzed.