Description
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Command Center Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Command Center Framework accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).
Published: 2026-06-16
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Oracle Enterprise Command Center Framework allows an unauthenticated attacker to exploit a vulnerability over HTTPS that, combined with human interaction, can result in the creation, deletion, or modification of critical data. The flaw enables an attacker to gain unauthorized control over framework data, potentially leading to full exposure of all accessible data.

Affected Systems

Oracle Corporation’s Enterprise Command Center Framework – affected releases include version 15 and version 16.

Risk and Exploitability

The CVSS base score of 8.1 signifies high severity with substantial confidentiality and integrity impacts. Despite a very low EPSS score (<1%), the vulnerability remains exploitable over a network-facing HTTPS interface without prior authentication, though it requires the involvement of a legitimate user to execute. The flaw is not listed in the CISA KEV catalog, indicating no known widespread exploitation at the time of analysis. An attacker would target the HTTPS endpoint, persuade or wait for a legitimate user to interact, and then exploit the lack of proper access control to compromise or modify data.

Generated by OpenCVE AI on June 17, 2026 at 19:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle Enterprise Command Center Framework update that addresses this vulnerability.
  • Restrict HTTPS access to the framework by configuring firewalls or network ACLs to allow only trusted IP ranges.
  • Enforce strong authentication, including multi‑factor authentication, for any interactive session with the framework.



Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Changes by type (no values removed; values added listed below):

  • Description: Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Command Center Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Command Center Framework accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).
  • First Time appeared: Oracle; Oracle enterprise Command Center Framework
  • CPEs: cpe:2.3:a:oracle:enterprise_command_center_framework:v15:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_command_center_framework:v16:*:*:*:*:*:*:*
  • Vendors & Products: Oracle; Oracle enterprise Command Center Framework
  • References: (none listed)
  • Metrics: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T13:11:36.318Z

Reserved: 2026-05-18T15:55:10.310Z

Link: CVE-2026-46898

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T03:15:02Z

Weaknesses

No weakness.