CVE-2026-46822
Oracle iAssets Remote Code Execution Vulnerability
Publication date: 2026-05-28
Last updated on: 2026-05-29
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | iassets | From 12.2.3 (inc) to 12.2.15 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle iAssets product of the Oracle E-Business Suite, specifically within the Internal Operations component. It affects supported versions 12.2.3 through 12.2.15. The flaw is easily exploitable by a low privileged attacker who has network access via HTTP. Exploiting this vulnerability can allow the attacker to compromise Oracle iAssets, potentially leading to a full takeover of the product.
How can this vulnerability impact me? :
The impact of this vulnerability is severe. Successful exploitation can lead to a complete takeover of Oracle iAssets, affecting confidentiality, integrity, and availability of the system. Additionally, because the scope of the attack can extend beyond Oracle iAssets, other related products may also be significantly impacted.