CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

NCSC-2026-0201 [1.00] [M/H] Vulnerabilities fixed in Oracle E-Business Suite products

unknownCVE-2026-46949CVE-2026-46950CVE-2026-46951CVE-2026-46952CVE-2026-46953CVE-2026-46955
Oracle has fixed vulnerabilities in various Oracle E-Business Suite products, including Oracle Enterprise Command Center Framework, iSupplier Portal, Complex Maintenance, Repair and Overhaul, Process Manufacturing Product Development, HR Intelligence, Receivables, Spares Management, Cost Management, Enterprise Asset Management, Applications Manager, iSupport, Advanced Outbound Telephony, Quality, HRMS (UK), Human Resources, Property Manager, Subledger Accounting, Project Portfolio Analysis, Universal Work Queue, Public Sector Financials (International), Financials for EMEA, Outsourced Manufacturing, and Public Sector Payroll. The vulnerabilities allow an attacker with network access and often low to high privileges to perform unauthorized actions, including gaining full control over the system, creating, modifying, or deleting critical data, and causing partial or complete denial-of-service. Some vulnerabilities require user interaction, while others can be exploited without authentication. The vulnerabilities affect the confidentiality, integrity, and availability of the systems. The CVSS 3.1 base scores range from 7.1 to 9.9, with multiple vulnerabilities scoring 8.8 or higher. The vulnerabilities are present in various versions, primarily between 12.2.3 and 12.2.15, and in some cases also in versions 15 and 16 of the Enterprise Command Center Framework. Exploitation can lead to complete system compromise and may also impact other Oracle products that depend on the vulnerable components.

CSIRTS triage

What
Vulnerabilities allow unauthorized actions that can lead to data manipulation and system compromise.
Who is affected
Deployments of various Oracle E-Business Suite products.
Urgency
Remediation is necessary due to the potential for significant data loss and system integrity issues.
Action
Apply the latest security updates for Oracle E-Business Suite products.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Oracle E-Business Suite

Get an email when a new Oracle E-Business Suite advisory drops — max one per day, one-click unsubscribe.

Details

Source
NCSC-NL Advisories (NL · national-cert · site)
Severity
unknown
Published
2026-06-17
Exploitation
Not in CISA KEV at last sync
Language
Machine-translated to English — verify against the original

Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0201

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-46949coverage & exploitation statusNVD · CVE.org
CVE-2026-46950coverage & exploitation statusNVD · CVE.org
CVE-2026-46951coverage & exploitation statusNVD · CVE.org
CVE-2026-46952coverage & exploitation statusNVD · CVE.org
CVE-2026-46953coverage & exploitation statusNVD · CVE.org
CVE-2026-46955coverage & exploitation statusNVD · CVE.org
CVE-2026-46956coverage & exploitation statusNVD · CVE.org
CVE-2026-46957coverage & exploitation statusNVD · CVE.org
CVE-2026-46958coverage & exploitation statusNVD · CVE.org
CVE-2026-46959coverage & exploitation statusNVD · CVE.org
CVE-2026-46960coverage & exploitation statusNVD · CVE.org
CVE-2026-46961coverage & exploitation statusNVD · CVE.org
CVE-2026-46962coverage & exploitation statusNVD · CVE.org
CVE-2026-46963coverage & exploitation statusNVD · CVE.org
CVE-2026-46964coverage & exploitation statusNVD · CVE.org
CVE-2026-46965coverage & exploitation statusNVD · CVE.org
CVE-2026-46966coverage & exploitation statusNVD · CVE.org
CVE-2026-46967coverage & exploitation statusNVD · CVE.org
CVE-2026-46969coverage & exploitation statusNVD · CVE.org
CVE-2026-46970coverage & exploitation statusNVD · CVE.org
CVE-2026-46971coverage & exploitation statusNVD · CVE.org
CVE-2026-46972coverage & exploitation statusNVD · CVE.org
CVE-2026-46973coverage & exploitation statusNVD · CVE.org
CVE-2026-46976coverage & exploitation statusNVD · CVE.org
CVE-2026-46894coverage & exploitation statusNVD · CVE.org
CVE-2026-46895coverage & exploitation statusNVD · CVE.org
CVE-2026-46896coverage & exploitation statusNVD · CVE.org
CVE-2026-46897coverage & exploitation statusNVD · CVE.org
CVE-2026-46898coverage & exploitation statusNVD · CVE.org
CVE-2026-46899coverage & exploitation statusNVD · CVE.org
CVE-2026-46900coverage & exploitation statusNVD · CVE.org
CVE-2026-46901coverage & exploitation statusNVD · CVE.org
CVE-2026-46902coverage & exploitation statusNVD · CVE.org
CVE-2026-46915coverage & exploitation statusNVD · CVE.org
CVE-2026-46916coverage & exploitation statusNVD · CVE.org
CVE-2026-46918coverage & exploitation statusNVD · CVE.org
CVE-2026-46922coverage & exploitation statusNVD · CVE.org
CVE-2026-46927coverage & exploitation statusNVD · CVE.org
CVE-2026-46928coverage & exploitation statusNVD · CVE.org
CVE-2026-46929coverage & exploitation statusNVD · CVE.org
CVE-2026-46930coverage & exploitation statusNVD · CVE.org
CVE-2026-46931coverage & exploitation statusNVD · CVE.org
CVE-2026-46932coverage & exploitation statusNVD · CVE.org
CVE-2026-46933coverage & exploitation statusNVD · CVE.org
CVE-2026-46934coverage & exploitation statusNVD · CVE.org
CVE-2026-46935coverage & exploitation statusNVD · CVE.org
CVE-2026-46937coverage & exploitation statusNVD · CVE.org
CVE-2026-46938coverage & exploitation statusNVD · CVE.org

+7 more CVEs referenced in this advisory.

Recent advisories for Oracle E-Business Suite

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from NCSC-NL Advisories