HIGH | CVE-2026-46969 | CNA: oracle

CVE-2026-46969: Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations)

Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials for EMEA. Successful attacks of this vulnerability can result in takeover of Oracle Financials for EMEA. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Metrics

  • CVSS v3.1: 7.2
  • Severity: HIGH
  • Fixed in: (none listed)
  • Affected Products: 1


HarborGuard Analysis

Synopsis

This is a high-severity vulnerability in the Internal Operations component of Oracle Financials for EMEA, part of Oracle E-Business Suite versions 12.2.3 through 12.2.15. An attacker who holds a high-privilege account and has network access can reach the affected component over HTTP with no further preconditions, and no victim interaction is required. Successful exploitation results in full takeover of the Oracle Financials for EMEA instance, giving the attacker read, write, and denial-of-service capability across the application. No fix version has been published by Oracle; HarborGuard is tracking the advisory for patch availability and will surface a patched-image rebuild the moment one is released.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream Oracle and NVD feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built images derived from Oracle E-Business Suite base layers. Any image carrying an affected version of Oracle Financials for EMEA (12.2.3 through 12.2.15) is flagged automatically.

Status: Available

Triage

HarborGuard scores this finding at CVSS 7.2 HIGH and weights it against each environment's compliance policy to determine urgency and routing. Findings are dispatched to the appropriate team inbox within each customer org based on configured ownership rules, so the right engineers see the alert without manual triage overhead.

Status: Available

Patch

Because Oracle has not published a fix version, HarborGuard re-checks the upstream Oracle advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a fix is released. In the interim, HarborGuard surfaces the unpatched finding continuously so it remains visible in dashboards and does not age out of active tracking.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Oracle Financials for EMEA service over the network via HTTP; the component is exposed at the network layer (AV:N).

  • Authentication: Required

    The attacker must hold a high-privilege account on the Oracle E-Business Suite instance; a standard or anonymous session is not sufficient (PR:H).

  • Victim interaction: Not required

    No user action or social engineering is needed; the attacker can exploit the vulnerability entirely on their own (UI:N).

  • Attack complexity (detail)

    The exploit is reliable and condition-free, requiring no race conditions, specific memory layout, or environmental setup (AC:L).

Blast Radius

  • A successful attacker reads all data accessible to the Oracle Financials for EMEA application, including financial records, configuration data, and credentials stored within the component.
  • The attacker can write or modify persisted financial records, configuration, and application state within the affected instance.
  • The attacker can crash or otherwise disrupt the Oracle Financials for EMEA service, making it unavailable to legitimate users.
  • Combined confidentiality, integrity, and availability impact across the application constitutes a full takeover of the affected Oracle Financials for EMEA instance.

How HarborGuard Handles This

Available on HarborGuard: because Oracle has not yet published a remediated version, the platform continuously re-evaluates the advisory on every ingest cycle and will trigger a patched-image rebuild and, for customers with auto-remediation enabled, a regression test run and a PR opened against affected workloads the moment an upstream fix is released. Until then, compensating controls are worth evaluating: network-policy rules that restrict HTTP access to the Internal Operations component to only known administrative source addresses, egress filtering to limit lateral movement from a compromised instance, and review of which accounts hold high-privilege roles in Oracle E-Business Suite to reduce the pool of credentials that could be used in an attack. The finding remains active and visible in HarborGuard dashboards and will not age out until a patch is confirmed.

Affected packages
  • Oracle Corporation / Oracle Financials for EMEA
    ≤ 12.2.15
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H