Description
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in takeover of Oracle Process Manufacturing Product Development. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the Oracle Process Manufacturing Product Development component of Oracle E‑Business Suite, specifically within Quality Management Specs. A low‑privileged attacker who can reach the application over HTTP can exploit the flaw to compromise the system, resulting in complete takeover of the Oracle Process Manufacturing Product Development environment. The flaw causes full confidentiality, integrity, and availability loss, as indicated by a CVSS 3.1 Base Score of 8.8.

Affected Systems

Affected products include Oracle Process Manufacturing Product Development as part of Oracle E‑Business Suite. Supported versions from 12.2.3 through 12.2.15 are impacted. The vulnerability is documented for the Quality Management Specs component of that product line.

Risk and Exploitability

The attack vector is network-based via HTTP, requiring only local privilege to execute. The EPSS score is less than 1%, indicating that, as of today, exploitation is low-probability, but the CVSS score shows high severity. The vulnerability is not currently listed in CISA KEV. Given the low privilege requirement and network availability, there is a real risk that an attacker could ultimately gain full system control if the flaw is present.

Generated by OpenCVE AI on June 17, 2026 at 19:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑released patch that addresses the Quality Management Specs component for Oracle Process Manufacturing Product Development versions 12.2.3‑12.2.15.
  • Restrict HTTP access to the Oracle Process Manufacturing Product Development interface to trusted networks or protected firewalls.
  • Set up monitoring on authentication logs to detect unusual access to the Quality Management Specs interface.

Generated by OpenCVE AI on June 17, 2026 at 19:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in takeover of Oracle Process Manufacturing Product Development. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle process Manufacturing Product Development
CPEs cpe:2.3:a:oracle:process_manufacturing_product_development:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle process Manufacturing Product Development
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Oracle Process Manufacturing Product Development
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:01:15.842Z

Reserved: 2026-05-18T15:55:10.311Z

Link: CVE-2026-46916

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T00:15:16Z

Weaknesses

No weakness.