CVE-2026-46944: Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle iSupport. While the vulnerability is in Oracle iSupport, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle iSupport. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Metrics
- CVSS v3.1
- 9.1
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
A critical-severity vulnerability affects the Internal Operations component of Oracle iSupport, part of Oracle E-Business Suite versions 12.2.3 through 12.2.15. The flaw is reachable over the network via HTTP and requires a high-privileged account to exploit, but no victim interaction is needed. Successful exploitation gives an attacker full control over Oracle iSupport and can spill over to compromise additional products in the same environment, enabling complete confidentiality loss, data tampering, and service disruption. No upstream fix version has been published; HarborGuard tracks this advisory and will make a patched-image rebuild available the moment Oracle ships a fix.
HarborGuard Coverage
Detection for CVE-2026-46944 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle Oracle E-Business Suite components. Any image containing an affected version of Oracle iSupport (12.2.3 through 12.2.15) is flagged automatically in both registry scans and CI pipeline checks.
Status: Available
HarborGuard is capable of scoring this finding at CVSS 9.1 Critical and weighting it against each environment's compliance policy to determine priority. Triage routing is available to direct the finding to the appropriate team inbox within each customer organization based on configured ownership rules.
Status: Available
Because no upstream fix has been published, HarborGuard re-checks this advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Oracle releases a remediated version. In the meantime, customers with auto-remediation enabled will receive the rebuilt image, a regression-test run, and a pull request opened against affected workloads as soon as a fix version is confirmed.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
The attacker must reach the Oracle iSupport service over the network via HTTP; no local or physical access to the host is required.
- Authentication: Required
A high-privileged account (such as an administrator-level credential) is needed before the vulnerability can be triggered.
- Victim interaction: Not required
No action from any other user or victim is necessary; the attacker can exploit this entirely on their own.
- Attack complexity: Low
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.
Blast Radius
- A successful attacker gains full read access to data stored in Oracle iSupport, including internal support records, user data, and any credentials or session tokens held by the application.
- The attacker can modify or delete persisted data within Oracle iSupport, including case records, configuration, and operational data.
- The attacker can crash or render Oracle iSupport unavailable, disrupting internal support operations.
- Because the CVSS scope is changed, the attacker can pivot to compromise additional products sharing the same E-Business Suite environment, extending the impact well beyond Oracle iSupport itself.
How HarborGuard Handles This
Available on HarborGuard: this CVE is monitored continuously with no upstream fix currently published by Oracle. HarborGuard re-evaluates the advisory on every ingest cycle so that a patched-image rebuild becomes available to customers the moment Oracle ships a remediated version. For customers who opt into auto-remediation, the workflow (rebuild, regression-test run, and PR against affected workloads) will trigger without manual intervention as soon as a fix version is confirmed. While no patch is available, recommended compensating controls include network-policy isolation to restrict HTTP access to the Oracle iSupport Internal Operations component to only known privileged service accounts, egress filtering to limit lateral movement in the event of compromise, and review of high-privileged account grants to minimize the population of credentials that could be used to reach the vulnerable endpoint. HarborGuard will surface updated findings automatically if the advisory changes scope or if Oracle publishes a partial workaround.
- Oracle Corporation / Oracle iSupport: ≤ 12.2.15
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H