Description
Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Portfolio Analysis. Successful attacks of this vulnerability can result in takeover of Oracle Project Portfolio Analysis. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in Oracle Project Portfolio Analysis allows a low privileged attacker with network access via HTTP to compromise the application and take it over. The flaw can be exploited without user interaction and carries full confidentiality, integrity, and availability impact, as reflected by the CVSS 3.1 vector: network reachability (AV:N), low attack complexity (AC:L), low privileges required (PR:L) and no user interaction (UI:N).

Affected Systems

Oracle Corporation’s Oracle Project Portfolio Analysis component of the Oracle E‑Business Suite is affected. Supported versions ranging from 12.2.3 through 12.2.15 are listed as vulnerable.

Risk and Exploitability

The CVSS base score of 8.8 indicates high severity. The EPSS value of less than 1% suggests a very low exploitation probability, and the vulnerability is not currently listed in CISA’s KEV catalog. Attackers would need HTTP network access to the affected instance and a low-privileged account (PR:L), and could then gain control of the application, potentially exposing or altering corporate data.

Generated by OpenCVE AI on June 17, 2026 at 18:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Review and apply the latest patch or upgrade to a version newer than 12.2.15 as detailed in Oracle’s security advisory.
  • Restrict HTTP access to the Oracle Project Portfolio Analysis service to trusted internal hosts and block external access when not required.
  • Enforce strong authentication and least‑privilege permissions, ensuring no default or weak credentials remain in the system.



Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Portfolio Analysis. Successful attacks of this vulnerability can result in takeover of Oracle Project Portfolio Analysis. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). |
| First Time appeared | | Oracle; Oracle project Portfolio Analysis |
| CPEs | | cpe:2.3:a:oracle:project_portfolio_analysis:*:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle; Oracle project Portfolio Analysis |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T18:09:50.247Z

Reserved: 2026-05-18T15:55:10.314Z

Link: CVE-2026-46962

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T04:00:02Z

Weaknesses

No weakness.