Description
Vulnerability in the Oracle Property Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Property Manager. Successful attacks of this vulnerability can result in takeover of Oracle Property Manager. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows a high-privilege attacker with network access via HTTP to fully compromise Oracle Property Manager, resulting in loss of confidentiality, integrity, and availability.

Affected Systems

The affected product is Oracle Property Manager from Oracle Corporation. Versions 12.2.3 through 12.2.15 are susceptible.

Risk and Exploitability

The CVSS base score of 7.2 and the very low EPSS score (< 1%) indicate a high-impact flaw that is unlikely to be widely exploited, yet it can be easily leveraged by an attacker who already has high privileges on the network. The flaw is not listed in the CISA KEV catalog. Attackers can target the application over HTTP to take control of the system.

Generated by OpenCVE AI on June 17, 2026 at 18:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s security patch for Oracle Property Manager versions 12.2.3 to 12.2.15.
  • Limit HTTP access to the application by restricting it to trusted networks or applying firewall rules.
  • Review and reduce user privilege levels within Oracle Property Manager to the minimum necessary for each role.
  • Monitor logs for any unauthorized access attempts or anomalous activity.

Generated by OpenCVE AI on June 17, 2026 at 18:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Property Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Property Manager. Successful attacks of this vulnerability can result in takeover of Oracle Property Manager. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle property Manager
CPEs cpe:2.3:a:oracle:property_manager:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle property Manager
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Oracle Property Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T18:37:56.661Z

Reserved: 2026-05-18T15:55:10.313Z

Link: CVE-2026-46956

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T04:15:02Z

Weaknesses

No weakness.