PatchSiren cyber security CVE debrief
CVE-2026-46957 Oracle Corporation CVE debrief
A high-severity vulnerability was discovered in Oracle iSupplier Portal, a component of Oracle E-Business Suite. The vulnerability, tracked as CVE-2026-46957, has a CVSS score of 7.5 and can be exploited by a low-privileged attacker with network access via HTTP, potentially leading to a takeover of the Oracle iSupplier Portal. This vulnerability is located in the Internal Operations component and is difficult to exploit, but successful attacks can result in the takeover of Oracle iSupplier Portal, impacting Confidentiality, Integrity, and Availability. Organizations should prioritize patching due to the high CVSS score and potential for exploitation. The CVE record was published on 2026-06-17T10:54:14.843Z and was last modified on 2026-06-18T20:57:46.447Z. The NVD entry is currently Analyzed. The vulnerability affects Oracle iSupplier Portal versions 12.2.3-12.2.15.
- Vendor
- Oracle Corporation
- Product
- Oracle iSupplier Portal
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-17
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-17
- Advisory updated
- 2026-06-18
Who should care
Organizations using Oracle E-Business Suite, specifically those with Oracle iSupplier Portal versions 12.2.3-12.2.15, should prioritize patching this vulnerability to prevent potential exploitation.
Technical summary
The vulnerability is located in the Internal Operations component of Oracle iSupplier Portal. It is a difficult-to-exploit vulnerability that allows a low-privileged attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks can result in the takeover of Oracle iSupplier Portal. The CVSS 3.1 Base Score is 7.5, indicating high impacts on Confidentiality, Integrity, and Availability.
Defensive priority
High priority should be given to patching this vulnerability due to its high CVSS score and the potential for exploitation leading to a complete takeover of the Oracle iSupplier Portal.
Recommended defensive actions
- Apply the patch provided by Oracle Corporation as soon as possible.
- Review and update inventory to ensure all affected versions are identified and patched.
- Implement compensating controls such as monitoring and exception tracking until patching can be completed.
- Verify the effectiveness of the patch through retesting.
- Perform a thorough review of system configurations to ensure they align with security best practices.
- Monitor for any suspicious activity that could indicate attempted exploitation.
- Keep records of patching and verification processes for audit purposes.
Evidence notes
The CVE record was published on 2026-06-17T10:54:14.843Z and was last modified on 2026-06-18T20:57:46.447Z. The NVD entry is currently Analyzed. The vulnerability affects Oracle iSupplier Portal versions 12.2.3-12.2.15.
Official resources
-
CVE-2026-46957 CVE record
CVE.org
-
CVE-2026-46957 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-17T10:54:14.843Z and has not been modified since then. The NVD entry is currently Analyzed.