Description
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HR Intelligence. Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A vulnerability in Oracle HR Intelligence allows an attacker with low privileges and network access via HTTP to fully compromise the system. This results in loss of confidentiality, integrity, and availability for all HR data, effectively giving an attacker complete control over the application.

Affected Systems

Oracle Corporation’s Oracle HR Intelligence component of Oracle E‑Business Suite (Internal Operations) is impacted. Versions 12.2.3 through 12.2.15 are susceptible.

Risk and Exploitability

The CVSS 3.1 base score of 7.5 indicates a high‑severity threat, while the EPSS score of less than 1% signals that, although the vulnerability is exploitable, the likelihood of attack is currently low. The issue is not listed in CISA KEV. Per the CVSS vector, exploitation requires network access to the HR Intelligence HTTP interface and a low-privileged account (PR:L), needs no user interaction (UI:N), and has high attack complexity (AC:H), consistent with the description's "difficult to exploit" wording.

Generated by OpenCVE AI on June 17, 2026 at 18:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied security patch for Oracle HR Intelligence covering this vulnerability.
  • Restrict HTTP access to the HR Intelligence service to trusted internal hosts or a secure VPN, and disable or secure any default HTTP endpoints.
  • Enable TLS for all connections to HR Intelligence and enforce strong authentication to prevent unauthorized access.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HR Intelligence. Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). |
| First Time appeared | | Oracle; Oracle hr Intelligence |
| CPEs | | cpe:2.3:a:oracle:hr_intelligence:*:*:*:*:*:*:*:* |
| Vendors & Products | | Oracle; Oracle hr Intelligence |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T17:23:53.931Z

Reserved: 2026-05-18T15:55:10.314Z

Link: CVE-2026-46971

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T04:15:02Z

Weaknesses

No weakness.