Description
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in takeover of Oracle Process Manufacturing Product Development. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the Oracle Process Manufacturing Product Development component of Oracle E‑Business Suite, specifically within Quality Management Specs. A low‑privileged attacker who can reach the application over HTTP can exploit the flaw to compromise the system, resulting in complete takeover of the Oracle Process Manufacturing Product Development environment. The flaw causes full confidentiality, integrity, and availability loss, as indicated by a CVSS 3.1 Base Score of 8.8.

Affected Systems

Affected products include Oracle Process Manufacturing Product Development as part of Oracle E‑Business Suite. Supported versions from 12.2.3 through 12.2.15 are impacted. The vulnerability is documented for the Quality Management Specs component of that product line.

Risk and Exploitability

The attack vector is network-based via HTTP, requiring only low privilege to execute. The EPSS score is less than 1%, indicating that, as of today, exploitation is low-probability, but the CVSS score shows high severity. The vulnerability is not currently listed in CISA KEV. Given the low privilege requirement and network availability, there is a real risk that an attacker could ultimately gain full system control if the flaw is present.

Generated by OpenCVE AI on June 18, 2026 at 21:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑released patch that addresses the Quality Management Specs component for Oracle Process Manufacturing Product Development versions 12.2.3‑12.2.15.
  • Restrict HTTP access to the Oracle Process Manufacturing Product Development interface to trusted networks or protected firewalls.
  • Set up monitoring on authentication logs to detect unusual access to the Quality Management Specs interface.

Generated by OpenCVE AI on June 18, 2026 at 21:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via HTTP in Oracle Process Manufacturing Quality Management Specs

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via HTTP in Oracle Process Manufacturing Quality Management Specs
Weaknesses CWE-269
CWE-284
CWE-287
CWE-306
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Product Development. Successful attacks of this vulnerability can result in takeover of Oracle Process Manufacturing Product Development. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle process Manufacturing Product Development
CPEs cpe:2.3:a:oracle:process_manufacturing_product_development:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle process Manufacturing Product Development
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Oracle Process Manufacturing Product Development
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:01:15.842Z

Reserved: 2026-05-18T15:55:10.311Z

Link: CVE-2026-46916

cve-icon Vulnrichment

Updated: 2026-06-17T14:01:09.293Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T21:45:04Z

Weaknesses
  • CWE-269

    Improper Privilege Management

  • CWE-284

    Improper Access Control

  • CWE-287

    Improper Authentication

  • CWE-306

    Missing Authentication for Critical Function