Description
Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting. Successful attacks of this vulnerability can result in takeover of Oracle Subledger Accounting. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Oracle Subledger Accounting allows a low‑privileged network attacker with HTTP access to fully compromise the application, resulting in loss of confidentiality, integrity, and availability. The weakness manifests as an improper access control flaw that permits unauthorized users to perform privileged operations, effectively bypassing the intended security controls.

Affected Systems

Oracle Corporation’s Oracle Subledger Accounting component of Oracle E‑Business Suite is vulnerable in versions 12.2.3 through 12.2.15. The issue is limited to the Internal Operations component exposed over HTTP.

Risk and Exploitability

The CVSS base score of 7.5 is rated High, while the EPSS score of less than 1% suggests a low probability of exploitation at present. The vulnerability is not listed in CISA’s KEV catalog. The likely attack path involves a network‑level attacker sending crafted HTTP requests with minimal privileges, exploiting the access‑control weakness to achieve full takeover.

Generated by OpenCVE AI on June 17, 2026 at 18:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Oracle patch or upgrade to a version that is not affected by CVE-2026-46958.
  • Restrict HTTP access to the Subledger Accounting service to trusted networks using firewall rules or a VPN.
  • Enforce least‑privilege for application accounts and disable any default or unused accounts.
  • Monitor logs for suspicious activity and configure alerts for unusual authentication attempts.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting. Successful attacks of this vulnerability can result in takeover of Oracle Subledger Accounting. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). |
| First Time appeared | | Oracle; Oracle subledger Accounting |
| CPEs | | cpe:2.3:a:oracle:subledger_accounting:*:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle; Oracle subledger Accounting |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-16T19:28:02.607Z

Reserved: 2026-05-18T15:55:10.313Z

Link: CVE-2026-46958

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T04:00:02Z

Weaknesses

No weakness.