Description
Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Inbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Inbound Telephony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-04-21
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Apply Update
AI Analysis

Impact

Oracle Advanced Inbound Telephony in Oracle E-Business Suite contains a defect that permits an unauthenticated attacker with network access via HTTP to compromise the service. The flaw can lead to a full takeover of the telephony application, enabling the attacker to alter configurations or disrupt operations.

Affected Systems

Versions 12.2.3 through 12.2.15 of Oracle Advanced Inbound Telephony are impacted. All installations of this product that have not been updated to a later release are vulnerable.

Risk and Exploitability

The CVSS 3.1 Base Score of 9.8 reflects high impact on confidentiality, integrity, and availability. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. With no authentication required and access over standard HTTP, the attack vector is remote (AV:N in the CVSS vector), making exploitation straightforward for an adversary.

Generated by OpenCVE AI on April 22, 2026 at 05:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security update for Oracle Advanced Inbound Telephony when it becomes available
  • Restrict HTTP access to the telephony endpoint to trusted IP addresses or networks
  • Disable default or unused administrative accounts and enforce strong, unique credentials

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-306
Metrics ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 05:30:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via HTTP in Oracle Advanced Inbound Telephony
Weaknesses CWE-284, CWE-287

Wed, 22 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Inbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Inbound Telephony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle, Oracle advanced Inbound Telephony
CPEs cpe:2.3:a:oracle:advanced_inbound_telephony:*:*:*:*:*:*:*:*
Vendors & Products Oracle, Oracle advanced Inbound Telephony
References
Metrics cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-04-22T14:48:19.460Z

Reserved: 2026-03-26T19:48:45.675Z

Link: CVE-2026-34275

Vulnrichment

Updated: 2026-04-22T14:48:14.877Z

NVD

Status: Received

Published: 2026-04-21T21:16:31.550

Modified: 2026-04-22T15:16:14.830

Link: CVE-2026-34275

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T05:15:06Z

Weaknesses