Description
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outsourced Mfg for Discrete Industries. Successful attacks of this vulnerability can result in takeover of Oracle Outsourced Mfg for Discrete Industries. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Published: 2026-06-16
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw allows an attacker with low privileges and network access through HTTP to take complete control of Oracle Outsourced Mfg for Discrete Industries. An attacker who exploits this vulnerability could compromise all aspects of confidentiality, integrity, and availability. The CVSS vector indicates that the risk is high across all categories.

Affected Systems

This vulnerability affects Oracle Corporation’s Outsourced Mfg for Discrete Industries component of Oracle E‑Business Suite. All supported releases from version 12.2.3 through 12.2.15 are vulnerable, and any deployment that exposes the internal operations interface over HTTP remains at risk.

Risk and Exploitability

With a CVSS base score of 8.8 and an EPSS score of less than 1 %, the likelihood of exploitation in the wild is low, but the severity is high. The vulnerability is not listed in the CISA KEV catalog; however, an attacker who can reach the product via the standard HTTP port could easily exploit the flaw without elevated credentials, providing a straightforward path to takeover.

Generated by OpenCVE AI on June 18, 2026 at 21:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Oracle patch for Oracle Outsourced Mfg for Discrete Industries that addresses versions 12.2.3 through 12.2.15.
  • Restrict HTTP access to the component so that only trusted internal hosts can reach it, using firewall rules or IP filtering.
  • Enable and monitor authentication and activity logs for anomalous events to detect potential exploitation attempts.

Generated by OpenCVE AI on June 18, 2026 at 21:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via HTTP in Oracle Outsourced Mfg for Discrete Industries 12.2.3-12.2.15

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via HTTP in Oracle Outsourced Mfg for Discrete Industries 12.2.3-12.2.15
Weaknesses CWE-269
CWE-284
CWE-287
CWE-306
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Description Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outsourced Mfg for Discrete Industries. Successful attacks of this vulnerability can result in takeover of Oracle Outsourced Mfg for Discrete Industries. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
First Time appeared Oracle
Oracle outsourced Mfg For Discrete Industries
CPEs cpe:2.3:a:oracle:outsourced_mfg_for_discrete_industries:*:*:*:*:*:*:*:*
Vendors & Products Oracle
Oracle outsourced Mfg For Discrete Industries
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Oracle Outsourced Mfg For Discrete Industries
cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published:

Updated: 2026-06-17T18:20:35.327Z

Reserved: 2026-05-18T15:55:10.314Z

Link: CVE-2026-46973

cve-icon Vulnrichment

Updated: 2026-06-17T18:19:20.411Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:04:37Z

Weaknesses
  • CWE-269

    Improper Privilege Management

  • CWE-284

    Improper Access Control

  • CWE-287

    Improper Authentication

  • CWE-306

    Missing Authentication for Critical Function