Description
Vulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.12-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle In-Memory Cost Management for Discrete Industries. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle In-Memory Cost Management for Discrete Industries accessible data as well as unauthorized access to critical data or complete access to all Oracle In-Memory Cost Management for Discrete Industries accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Published: 2026-06-16
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Oracle In‑Memory Cost Management for Discrete Industries allows an unauthenticated network attacker with HTTPS access to create, modify, or delete critical data. A successful exploitation compromises confidentiality and integrity, granting the attacker full access to all data stored in the component, which can potentially disrupt business operations and compromise sensitive information.

Affected Systems

Affected systems include Oracle Corporation's Oracle In‑Memory Cost Management for Discrete Industries component of Oracle E‑Business Suite, specifically versions 12.2.12 through 12.2.15. Any environment running these releases is at risk.

Risk and Exploitability

The CVSS 3.1 base score of 9.1 reflects a high impact with no authentication required and no user interaction. The EPSS score is less than 1%, indicating a very low probability of exploitation, and the vulnerability is not listed in CISA KEV, suggesting it has not yet been widely compromised. The likely attack vector is a network-based HTTPS session, requiring no special privileges beyond standard protocol traffic, making it easily exploitable for any attacker with network reach to the system.

Generated by OpenCVE AI on June 17, 2026 at 22:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle patch for versions 12.2.12-12.2.15 as detailed in the Oracle security alert.
  • Restrict HTTPS traffic to the In‑Memory Cost Management component using firewall or ACL rules until the patch is applied.
  • Enable application and audit logs to detect unauthorized data manipulation attempts, and regularly review them for signs of compromise.

Generated by OpenCVE AI on June 17, 2026 at 22:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated HTTPS Attack Compromises Oracle In‑Memory Cost Management Data
Weaknesses CWE-200
CWE-284
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.12-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle In-Memory Cost Management for Discrete Industries. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle In-Memory Cost Management for Discrete Industries accessible data as well as unauthorized access to critical data or complete access to all Oracle In-Memory Cost Management for Discrete Industries accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
First Time appeared Oracle
Oracle in-memory Cost Management For Discrete Industries
CPEs cpe:2.3:a:oracle:in-memory_cost_management_for_discrete_industries:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle in-memory Cost Management For Discrete Industries
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}


Subscriptions

Oracle In-memory Cost Management For Discrete Industries
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T14:14:20.246Z

Reserved: 2026-05-18T15:55:10.312Z

Link: CVE-2026-46930

cve-icon Vulnrichment

Updated: 2026-06-17T14:14:16.008Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:04:44Z

Weaknesses
  • CWE-200

    Exposure of Sensitive Information to an Unauthorized Actor

  • CWE-284

    Improper Access Control