PatchSiren cyber security CVE debrief
CVE-2026-46951 Oracle Corporation CVE debrief
A vulnerability exists in Oracle Quality, a component of Oracle E-Business Suite. The affected versions are 12.2.3-12.2.15. This vulnerability allows a low-privileged attacker with network access via HTTP to compromise Oracle Quality, potentially leading to its takeover. The CVSS 3.1 Base Score is 8.8, indicating high severity with impacts on Confidentiality, Integrity, and Availability.
- Vendor
- Oracle Corporation
- Product
- Oracle Quality
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Oracle E-Business Suite, specifically those with Oracle Quality component versions 12.2.3-12.2.15, should be aware of this vulnerability. The vulnerability's high CVSS score and potential for exploitation by low-privileged attackers make it a priority for security teams to assess and mitigate.
Technical summary
The vulnerability in Oracle Quality, a component of Oracle E-Business Suite, has a CVSS 3.1 Base Score of 8.8 with a vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability is easily exploitable, requires low privileges, and can lead to high impacts on confidentiality, integrity, and availability. The affected versions of Oracle Quality are from 12.2.3 to 12.2.15. Organizations should assess their current version of Oracle Quality within this range and prioritize patching. Compensating controls such as network segmentation or access restrictions can limit exploitation opportunities. Monitoring for suspicious activity related to Oracle Quality and enhancing authentication and authorization mechanisms are also recommended. Applying the vendor's security patch as soon as possible is crucial. The CVE record was published on 2026-06-17T10:54:14.320Z and was last modified on 2026-06-18T20:52:55.317Z. The NVD entry is currently Analyzed.
Defensive priority
High
Recommended defensive actions
- Assess the current version of Oracle Quality within the affected range (12.2.3-12.2.15) and prioritize patching.
- Implement compensating controls such as network segmentation or access restrictions to limit exploitation opportunities.
- Monitor for any suspicious activity related to Oracle Quality.
- Review and enhance authentication and authorization mechanisms for Oracle Quality.
- Apply the vendor's security patch as soon as possible.
Evidence notes
The CVE record was published on 2026-06-17T10:54:14.320Z and was last modified on 2026-06-18T20:52:55.317Z. The NVD entry is currently Analyzed. The vulnerability is described as easily exploitable and allows a low-privileged attacker with network access via HTTP to compromise Oracle Quality.
Official resources
-
CVE-2026-46951 CVE record
CVE.org
-
CVE-2026-46951 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:14.320Z and has not been modified since then. The NVD entry is currently Analyzed.