PatchSiren cyber security CVE debrief
CVE-2026-46932 Oracle Corporation CVE debrief
A vulnerability was discovered in Oracle Enterprise Asset Management, a product of Oracle E-Business Suite. The vulnerability affects versions 12.2.3-12.2.15 and allows a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks can result in unauthorized access to critical data and partial denial of service. This vulnerability has a high severity level with a CVSS 3.1 Base Score of 7.1.
- Vendor
- Oracle Corporation
- Product
- Oracle Enterprise Asset Management
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-17
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-17
Who should care
Organizations using Oracle Enterprise Asset Management versions 12.2.3-12.2.15 should prioritize patching this vulnerability to prevent potential data breaches and service disruptions. Operators, platform administrators, vulnerability management teams, and security teams should be aware of the potential impact and take necessary actions.
Technical summary
The vulnerability, CVE-2026-46932, has a CVSS 3.1 Base Score of 7.1, indicating a high severity level. It is classified under CWE-284 and allows for unauthorized access to critical data and partial denial of service. The CVSS Vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L. This vulnerability affects Oracle Enterprise Asset Management versions 12.2.3-12.2.15, allowing a low-privileged attacker with network access via HTTP to compromise the system.
Defensive priority
High
Recommended defensive actions
- Apply the patch from Oracle as soon as possible
- Conduct a thorough inventory check to identify affected systems
- Implement compensating controls to monitor and restrict access to critical data
- Review and update network access controls to prevent exploitation
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
Evidence notes
The CVE record was published on 2026-06-17T10:54:12.707Z and last modified on 2026-06-17T17:17:04.133Z. The NVD entry is currently Analyzed. The vulnerability is described in the Oracle security alert for June 2026. The source item URL for CVE-2026-46932 is available for further information.
Official resources
-
CVE-2026-46932 CVE record
CVE.org
-
CVE-2026-46932 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:12.707Z and has not been modified since then. The NVD entry is currently Analyzed.