Description
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Outbound Telephony. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability in Oracle Advanced Outbound Telephony allows an attacker who already has network access over HTTP to compromise the component with relatively low effort. Successful exploitation can grant read, modify, and delete capabilities, effectively allowing the attacker to take full control of the service and disrupt its operations. The flaw results in Confidentiality, Integrity and Availability loss.

Affected Systems

Oracle Advanced Outbound Telephony – part of Oracle E‑Business Suite – is affected for supported releases from 12.2.3 through 12.2.15. The product is accessed via the Internal Operations component.

Risk and Exploitability

The CVSS 3.1 base score of 8.8 indicates high severity. The EPSS score of less than 1 % shows that the likelihood of exploitation remains low at present, but the vulnerability is still highly damaging if it is leveraged. The attack can be carried out over the network via HTTP and requires only low privileges, making it easily exploitable under the described conditions. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 17, 2026 at 18:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle security patch for Oracle Advanced Outbound Telephony (12.2.3‑12.2.15).
  • Restrict HTTP access to the component to a trusted network segment or VPN and block all other inbound traffic.
  • Disable the HTTP management interface from untrusted networks and consider replacing it with a secure configuration or alternative access method.

Generated by OpenCVE AI on June 17, 2026 at 18:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Outbound Telephony. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle advanced Outbound Telephony
CPEs cpe:2.3:a:oracle:advanced_outbound_telephony:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle advanced Outbound Telephony
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Oracle Advanced Outbound Telephony
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T19:31:36.957Z

Reserved: 2026-05-18T15:55:10.313Z

Link: CVE-2026-46947

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T00:00:10Z

Weaknesses

No weakness.