Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Cost Management. Successful attacks of this vulnerability can result in takeover of Oracle Cost Management. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
History

Thu, 18 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Title Remote Compromise via Privileged HTTP Access in Oracle Cost Management

Thu, 18 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Title High‑Privilege Remote Takeover via HTTP in Oracle Cost Management
Weaknesses CWE-285
CWE-862

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title High‑Privilege Remote Takeover via HTTP in Oracle Cost Management
Weaknesses CWE-285
CWE-862

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Cost Management. Successful attacks of this vulnerability can result in takeover of Oracle Cost Management. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle cost Management
CPEs cpe:2.3:a:oracle:cost_management:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle cost Management
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2026-06-16T19:27:57.638Z

Updated: 2026-06-18T14:10:16.302Z

Reserved: 2026-05-18T15:55:10.312Z

Link: CVE-2026-46938

cve-icon Vulnrichment

Updated: 2026-06-18T14:08:44.757Z

cve-icon NVD

No data.

cve-icon Redhat

No data.