Description
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Enterprise Command Center Framework. While the vulnerability is in Oracle Enterprise Command Center Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Command Center Framework. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Published: 2026-06-16
Score: 9.9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Oracle Enterprise Command Center Framework contains a flaw that can be easily exploited by an attacker who has low privileges and can reach the system over HTTPS. When successfully leveraged, the vulnerability devastates confidentiality, integrity and availability, allowing an attacker to take full control of the framework. The CVSS vector indicates no user interaction is required and the attack can be performed remotely with minimal effort.

Affected Systems

Oracle Corporation’s Oracle Enterprise Command Center Framework, specifically versions 15 and 16, are affected. The vulnerability resides in the Core component of Oracle E‑Business Suite.

Risk and Exploitability

Based on the description, the attack vector is a low‑privileged attacker sending an HTTPS request to Oracle Enterprise Command Center Framework. The CVSS base score of 9.9 indicates critical impacts to confidentiality, integrity and availability. The EPSS score of less than 1% suggests a low but not negligible exploitation probability, and the vulnerability is not listed in CISA’s KEV catalog. The attacker requires only minimal effort and no user interaction to succeed.

Generated by OpenCVE AI on June 18, 2026 at 21:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Oracle security alert for the latest patch and apply it to versions 15 or 16 immediately.
  • If a patch is not yet available, upgrade the product to a newer, supported version that does not contain the vulnerability.
  • Restrict inbound HTTPS traffic to the Oracle Enterprise Command Center Framework to only trusted networks and monitor for abnormal activity.

Generated by OpenCVE AI on June 18, 2026 at 21:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Remote code execution via low‑privileged HTTPS attacker in Oracle Enterprise Command Center Framework

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Remote code execution via low‑privileged HTTPS attacker in Oracle Enterprise Command Center Framework
Weaknesses CWE-269
CWE-284
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Enterprise Command Center Framework. While the vulnerability is in Oracle Enterprise Command Center Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Command Center Framework. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
First Time appeared Oracle
Oracle enterprise Command Center Framework
CPEs cpe:2.3:a:oracle:enterprise_command_center_framework:v15:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_command_center_framework:v16:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle enterprise Command Center Framework
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Oracle Enterprise Command Center Framework
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-18T03:57:22.144Z

Reserved: 2026-05-18T15:55:10.310Z

Link: CVE-2026-46900

cve-icon Vulnrichment

Updated: 2026-06-17T13:38:07.635Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T21:45:04Z

Weaknesses
  • CWE-269

    Improper Privilege Management

  • CWE-284

    Improper Access Control