Description
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Install). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H).
Published: 2026-06-16
Score: 9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the Install component of Oracle Enterprise Manager Base Platform. An attacker who has high privileges and can reach the system over HTTPS may compromise the platform, enabling the creation, deletion, or modification of critical data, as well as unauthorized reading of sensitive information. The weakness also allows the attacker to cause a hang or complete denial-of-service through repeated crashes.

Affected Systems

Oracle Corporation's Oracle Enterprise Manager Base Platform, specifically versions 13.5 and 24.1, is affected. Any environment deploying these instances is at risk.

Risk and Exploitability

The CVSS 3.1 base score is 9.0, reflecting high impact on confidentiality, integrity, and availability. EPSS indicates exploitation probability is very low (< 1%). The vulnerability is not listed in CISA KEV, but the scope change suggests that other Oracle applications could be impacted if the platform is compromised. Based on the description, the likely attack vector is HTTPS, requiring the attacker to possess high-level credentials within the network.

Generated by OpenCVE AI on June 17, 2026 at 18:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle patch for Enterprise Manager Base Platform 13.5 or 24.1 as published in the security advisory
  • Restrict HTTPS access to the platform to trusted hosts only, using firewall rules or VPN to limit exposure
  • Enforce strict access controls and review user privileges to ensure only authorized personnel have high privilege rights required to exploit this issue
  • Enable and monitor detailed logging for configuration changes, data modifications, and application crashes to detect potential abuse early

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Install). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H).
First Time appeared | | Oracle; Oracle enterprise Manager Base Platform
CPEs | | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5:*:*:*:*:*:*:*; cpe:2.3:a:oracle:enterprise_manager_base_platform:24.1:*:*:*:*:*:*:*
Vendors & Products | | Oracle; Oracle enterprise Manager Base Platform
References | |
Metrics | | cvssV3_1: {'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T15:11:24.053Z

Reserved: 2026-05-18T15:55:10.308Z

Link: CVE-2026-46872

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T01:00:15Z

Weaknesses

No weakness.