Description
Vulnerability in the Oracle Quality product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quality. Successful attacks of this vulnerability can result in takeover of Oracle Quality. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows a low‑privileged attacker with network access over HTTP to fully compromise the Oracle Quality component of Oracle E‑Business Suite. Successful exploitation results in a complete takeover, affecting confidentiality, integrity, and availability of the application. The CVSS 3.1 base score of 8.8 reflects high impact across all data types.

Affected Systems

The affected product is Oracle Quality, part of Oracle E‑Business Suite, specifically the Internal Operations component. Vulnerable versions range from 12.2.3 through 12.2.15, all of which are currently supported. No other versions or products are listed as affected in the official advisory.

Risk and Exploitability

The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates that the attack can be performed remotely over network using simple credentials and does not require user interaction. Although the EPSS score is less than 1 %, suggesting a low probability of exploitation in the wild, the high severity and potential for system takeover mean that the risk remains significant. The vulnerability is not part of the CISA KEV catalog, but because of its remote nature and high impact it should be treated with urgency.

Generated by OpenCVE AI on June 17, 2026 at 18:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Oracle Security Patch for this vulnerability when it becomes available.
  • If a patch is not yet released, block HTTP traffic to the Oracle Quality application from unauthenticated sources and enforce strict network segmentation.
  • Continuously monitor application logs for abnormal activity and apply additional security controls such as WAF rules to detect anomalous requests.

Generated by OpenCVE AI on June 17, 2026 at 18:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Quality product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quality. Successful attacks of this vulnerability can result in takeover of Oracle Quality. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle quality
CPEs cpe:2.3:a:oracle:quality:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle quality
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Oracle Quality
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T19:16:04.918Z

Reserved: 2026-05-18T15:55:10.313Z

Link: CVE-2026-46951

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T00:00:10Z

Weaknesses

No weakness.