Description
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the Discovery Framework component of Oracle Enterprise Manager Base Platform allows a low‑privileged attacker with network access over HTTPS to take over the system. The flaw grants the attacker full control, leading to potential theft of sensitive data and disruption of services, and can affect additional Oracle products due to a scope change.

Affected Systems

Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 are affected. The vulnerability exists within the Discovery Framework component of these products.

Risk and Exploitability

The CVSS score of 9.9 indicates critical confidentiality, integrity, and availability impacts. The EPSS score of less than 1% suggests that exploitation is currently uncommon, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a network‑based HTTPS connection to the exposed API, inferred from the description which states network access via HTTPS is required.

Generated by OpenCVE AI on June 17, 2026 at 20:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle patch that addresses CVE‑2026‑46832 to Oracle Enterprise Manager Base Platform.
  • Restrict HTTPS traffic to the Discovery Framework to trusted IP ranges and enforce multi‑factor authentication for users who can access it.
  • Monitor Enterprise Manager logs for anomalous Discovery Framework activity and investigate any unauthorized access attempts.

Generated by OpenCVE AI on June 17, 2026 at 20:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
First Time appeared Oracle
Oracle enterprise Manager Base Platform
CPEs cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:24.1:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle enterprise Manager Base Platform
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Oracle Enterprise Manager Base Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:30:55.888Z

Reserved: 2026-05-18T15:55:10.305Z

Link: CVE-2026-46832

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T23:30:15Z

Weaknesses

No weakness.