Description
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in the Extensibility Framework component of Oracle Enterprise Manager Base Platform allows an attacker with high privileges and network access via HTTPS to compromise the platform. Successful exploitation can result in a full takeover of the platform, providing the attacker with unrestricted control over the system and all data managed by the platform. The weakness impacts confidentiality, integrity, and availability, as reflected in the CVSS vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected Systems

Oracle Corporation’s Oracle Enterprise Manager Base Platform, specifically versions 13.5 and 24.1, are affected by this vulnerability.

Risk and Exploitability

The CVSS base score of 7.2 indicates a high severity, and the EPSS score of less than 1% suggests that, at present, the likelihood of exploitation is low. However, because the vulnerability is remotely exploitable over HTTPS and not listed in the CISA KEV catalog, organizations should treat it with caution and seek remediation promptly. Attackers with high privileges could leverage the flaw to gain complete control of the platform, leading to catastrophic data loss or service disruption.

Generated by OpenCVE AI on June 17, 2026 at 20:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and deploy the latest security patch for Oracle Enterprise Manager Base Platform from Oracle’s official security alert, ensuring the fix for the Extensibility Framework vulnerability is applied.
  • If a patch is temporarily unavailable, restrict access to the platform’s HTTPS port to trusted internal IP ranges and enforce network segmentation to limit exposure.
  • Enable comprehensive logging and continuously monitor for anomalous activity or unauthorized configuration changes on the platform, alerting security staff immediately.
  • Apply least privilege principles when configuring user roles in Oracle Enterprise Manager to reduce the risk that a high‑privilege account can be abused.

Generated by OpenCVE AI on June 17, 2026 at 20:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title High Privilege Takeover via Extensibility Framework in Oracle Enterprise Manager Base Platform
Weaknesses CWE-284
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle enterprise Manager Base Platform
CPEs cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_base_platform:24.1:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle enterprise Manager Base Platform
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Oracle Enterprise Manager Base Platform
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-18T03:56:20.620Z

Reserved: 2026-05-18T15:55:10.308Z

Link: CVE-2026-46868

cve-icon Vulnrichment

Updated: 2026-06-17T14:59:45.978Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T08:00:07Z

Weaknesses