Unauthorized Data Access Vulnerability in Oracle Enterprise Asset Management
CVE-2026-46932

7.1HIGH

Key Information:

Vendor: Oracle
Status: Oracle Enterprise Asset Management
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-46932?

A vulnerability exists in Oracle Enterprise Asset Management that enables a low privileged attacker with network access via HTTP to exploit the system. If successfully executed, this can lead to unauthorized access to sensitive data, comprising critical business information. Furthermore, the attacker may possess the capability to initiate a partial denial of service, affecting the availability of the service. This issue specifically impacts versions 12.2.3 to 12.2.15 within the Oracle E-Business Suite, necessitating prompt attention and remediation from affected users.

Affected Version(s)

Oracle Enterprise Asset Management 12.2.3 <= 12.2.15

References

https://www.oracle.com/security-alerts/cspujun2026.html

vendor-advisory

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
May 18, 2026

CVE-2026-46932 Data

JSON