Description
Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in takeover of Oracle iSupplier Portal. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A low‑privileged attacker with network access to the Oracle iSupplier Portal can exploit a vulnerability in the Internal Operations component, allowing the attacker to take over the portal. This weakness is an Improper Access Control flaw (CWE‑284), permitting unauthorized takeover. Once successfully compromised, the attacker gains full confidentiality, integrity, and availability control of the portal. The CVSS 3.1 score of 7.5 reflects these severe impacts.

Affected Systems

The affected product is Oracle iSupplier Portal, part of Oracle E‑Business Suite, for which versions 12.2.3 through 12.2.15 are impacted.

Risk and Exploitability

The vulnerability has a high CVSS score of 7.5 and a very low EPSS score of less than 1%, indicating that exploitation is unlikely at present. It is not listed in the CISA KEV catalog. The likely attack vector is a network‑based HTTP connection to the portal, inferred from the description that an attacker with network access can exploit it. No public exploit is known, but the potential for a complete takeover makes it highly critical if exploited.

Generated by OpenCVE AI on June 17, 2026 at 20:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch for Oracle iSupplier Portal versions 12.2.3 to 12.2.15 to eliminate the known vulnerability
  • Restrict network exposure by limiting HTTP access to the portal to authenticated, whitelisted IP ranges
  • Enforce least‑privilege policies for portal accounts and monitor for anomalous access patterns

Generated by OpenCVE AI on June 17, 2026 at 20:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in takeover of Oracle iSupplier Portal. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle isupplier Portal
CPEs cpe:2.3:a:oracle:isupplier_portal:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle isupplier Portal
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Oracle Isupplier Portal
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T19:10:04.897Z

Reserved: 2026-05-18T15:55:10.313Z

Link: CVE-2026-46957

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T03:00:16Z

Weaknesses

No weakness.