Description
Vulnerability in the Oracle Property Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Property Manager. Successful attacks of this vulnerability can result in takeover of Oracle Property Manager. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Oracle Property Manager allows an attacker who already possesses high‑privilege credentials and network access via HTTP to take complete control of the application. The vulnerability can be exploited with low effort, and successfully compromising the system results in the loss of confidentiality, integrity, and availability of the application and the data it manages. The weakness is indexed by the well‑known CWE classes for privilege enforcement issues.

Affected Systems

Oracle Property Manager from Oracle Corporation is affected. All supported versions from 12.2.3 to 12.2.15 are susceptible.

Risk and Exploitability

With a CVSS base score of 7.2, this flaw carries a substantial impact. The EPSS score of 0–1% indicates low overall exploitation probability, yet the attack is straightforward once the attacker has high‑privilege network access. The vulnerability is not listed in the CISA KEV catalog, so no public exploits are confirmed. Attackers would access the application over HTTP, leverage the privilege escalation flaw, and gain full control of the system.

Generated by OpenCVE AI on June 18, 2026 at 23:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s security patch released for Oracle Property Manager versions 12.2.3 through 12.2.15.
  • Restrict HTTP access to trusted networks or apply firewall rules to limit exposure to the application.
  • Reduce user privilege levels within Oracle Property Manager to the minimum required for each role.

Generated by OpenCVE AI on June 18, 2026 at 23:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Title High-Privilege HTTP Access Enables Complete Compromise of Oracle Property Manager

Thu, 18 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Title High Privilege Escalation Vulnerability in Oracle Property Manager Enables Full System Compromise
Weaknesses CWE-285
CWE-798

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title High Privilege Escalation Vulnerability in Oracle Property Manager Enables Full System Compromise
Weaknesses CWE-284
CWE-285
CWE-798
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Property Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Property Manager. Successful attacks of this vulnerability can result in takeover of Oracle Property Manager. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle property Manager
CPEs cpe:2.3:a:oracle:property_manager:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle property Manager
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Oracle Property Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T18:37:56.661Z

Reserved: 2026-05-18T15:55:10.313Z

Link: CVE-2026-46956

cve-icon Vulnrichment

Updated: 2026-06-17T18:37:10.559Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T00:00:06Z

Weaknesses