CVE-2026-46771
Analyzed Analyzed - Analysis Complete

Oracle ADF Java Business Objects Access Control Flaw

Vulnerability report for CVE-2026-46771, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-17

Last updated on: 2026-06-18

Assigner: Oracle

Description

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Java Business Objects). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Development Framework (ADF) accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-17
Last Modified
2026-06-18
Generated
2026-07-07
AI Q&A
2026-06-17
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
oracle application_development_framework 12.2.1.4.0
oracle application_development_framework 14.1.2.0.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Oracle Application Development Framework (ADF) component of Oracle Fusion Middleware, specifically in the Java Business Objects module. It affects supported versions 12.2.1.4.0 and 14.1.2.0.0. The vulnerability is difficult to exploit and requires a high privileged attacker who already has logon access to the infrastructure where Oracle ADF runs. If successfully exploited, it allows the attacker to compromise Oracle ADF.

Successful exploitation can lead to unauthorized access to critical data or complete access to all data accessible through Oracle ADF.

Impact Analysis

The impact of this vulnerability is unauthorized access to sensitive or critical data within Oracle Application Development Framework (ADF). An attacker with high privileges and access to the infrastructure could compromise the framework and gain access to data that should be protected.

This could result in exposure of confidential information, potentially leading to data breaches or loss of data confidentiality.

Compliance Impact

This vulnerability allows a high privileged attacker with access to the infrastructure to compromise the Oracle Application Development Framework (ADF), potentially resulting in unauthorized access to critical or all accessible data within ADF.

Such unauthorized access to critical data could impact compliance with data protection regulations and standards like GDPR and HIPAA, which require safeguarding sensitive data against unauthorized access.

However, the provided information does not explicitly describe the direct effects on compliance with these standards.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46771. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart