CVE-2026-46930
Awaiting Analysis Awaiting Analysis - Queue
Oracle E-Business Suite In-Memory Cost Management Data Access Flaw

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Oracle

Description
Vulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.12-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle In-Memory Cost Management for Discrete Industries. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle In-Memory Cost Management for Discrete Industries accessible data as well as unauthorized access to critical data or complete access to all Oracle In-Memory Cost Management for Discrete Industries accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2026-46930
EUVD
EUVD-2026-37246
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
oracle in-memory_cost_management_for_discrete_industries From 12.2.12 (inc) to 12.2.15 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Oracle In-Memory Cost Management for Discrete Industries product, part of the Oracle E-Business Suite. It affects supported versions 12.2.12 through 12.2.15. The flaw allows an unauthenticated attacker with network access via HTTPS to exploit the system easily.

Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data or complete access to all data accessible by Oracle In-Memory Cost Management for Discrete Industries.

Impact Analysis

The impact of this vulnerability is severe as it allows attackers to gain unauthorized access without any authentication.

  • Attackers can create, delete, or modify critical data.
  • Attackers can gain complete access to all data accessible by the affected Oracle product.

This can lead to data breaches, data integrity issues, and potentially disrupt business operations.

Compliance Impact

The vulnerability allows an unauthenticated attacker with network access to compromise Oracle In-Memory Cost Management for Discrete Industries, resulting in unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all accessible data.

Such unauthorized access and modification of critical data could potentially lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and maintaining data integrity and confidentiality.

However, the provided information does not explicitly state the impact on compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46930. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart