CVE-2026-22011
High-Severity Privilege Escalation in Oracle EBS ADPatch Component
Publication date: 2026-04-21
Last updated on: 2026-04-23
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | applications_dba | From 12.2.3 (inc) to 12.2.15 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle Applications DBA product of the Oracle E-Business Suite, specifically in the ADPatch component. It affects supported versions 12.2.3 through 12.2.15. The vulnerability is difficult to exploit and requires a high privileged attacker with network access via HTTP. Additionally, successful exploitation requires human interaction from someone other than the attacker. Although the vulnerability is in Oracle Applications DBA, attacks may impact additional products due to a scope change. If successfully exploited, the attacker can take over Oracle Applications DBA.
How can this vulnerability impact me? :
Successful exploitation of this vulnerability can lead to a complete takeover of the Oracle Applications DBA product. This means an attacker could gain full control over the affected system, potentially compromising confidentiality, integrity, and availability of data and services. The CVSS score of 7.6 indicates a high severity with impacts on confidentiality, integrity, and availability.