Skip to main content

Oracle Enterprise Manager CVE-2026-46852

| EUVDEUVD-2026-37345 CRITICAL
Improper Privilege Management (CWE-269)
2026-06-16 oracle
9.9
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
9.9 CRITICAL

Network HTTPS reach with a low-privileged OEM account, no user interaction, and a scope change into managed targets justify AV:N/AC:L/PR:L/UI:N/S:C with C:H/I:H/A:H for takeover.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 22:45 vuln.today

DescriptionCVE.org

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

AnalysisAI

Privileged takeover of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 is possible through the Metadata Plugin component, allowing a low-privileged remote attacker over HTTPS to fully compromise the platform with a scope change that impacts additional products. The CVSS 3.1 base score of 9.9 reflects the broad confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged OEM account
Delivery
Reach OEM console over HTTPS
Exploit
Send crafted request to Metadata Plugin
Execution
Exploit scope-changing flaw
Persist
Take over OEM Base Platform
Impact
Pivot to managed databases and middleware

Vulnerability AssessmentAI

Exploitation The attacker must have network reachability to the Oracle Enterprise Manager Base Platform console over HTTPS and must hold a low-privileged OEM user account (PR:L) - anonymous unauthenticated access is not sufficient. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H yields a 9.9 score driven primarily by the scope change - successful exploitation does not stop at OEM itself but extends to the database, middleware, and infrastructure targets OEM manages, which in most enterprises means crown-jewel systems. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or been granted a low-privileged OEM account - for example a junior DBA, contractor, or compromised service account - connects to the OEM console over HTTPS and sends crafted requests to the Metadata Plugin component to escalate privileges within OEM and then pivot, via OEM's trust relationships and stored credentials, to managed Oracle databases and middleware. No user interaction is required and attack complexity is low. …
Remediation Apply the patches delivered in Oracle's June 2026 Critical Patch Update (Patch available per vendor advisory) by following the bulletin at https://www.oracle.com/security-alerts/cspujun2026.html for OEM 13.5 and 24.1 - Oracle does not publish exact post-patch build numbers in advance of CPU consumption, so confirm the specific OEM bundle patch ID against your version in My Oracle Support. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running Enterprise Manager 13.5 or 24.1; restrict network access to the platform to essential administrators only and require VPN/jump-host access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-46855 CRITICAL
9.9 Jun 16

Full takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible by a low-privileged remote attacker v

CVE-2026-46854 CRITICAL
9.9 Jun 16

Privilege escalation and full takeover in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Target Management compo

CVE-2026-46832 CRITICAL
9.9 Jun 16

Privileged takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible through the Discovery Framework

CVE-2026-46857 CRITICAL
9.8 Jun 16

Remote code execution in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allows unauthenticated network a

CVE-2026-46856 CRITICAL
9.6 Jun 16

Remote takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible when an unauthenticated attacker ov

CVE-2026-46853 CRITICAL
9.6 Jun 16

Cross-scope takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 allows unauthenticated remote attackers to

CVE-2026-46875 CRITICAL
9.1 Jun 16

Privileged takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible via the Deployment Library comp

CVE-2026-46872 CRITICAL
9.0 Jun 16

Privileged remote tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Install component) allows an authe

CVE-2026-46864 HIGH
8.8 Jun 16

Authenticated takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible via the Agent Next Gen compo

CVE-2026-46866 HIGH
8.2 Jun 16

Remote denial-of-service and data tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 allows unauthentica

CVE-2026-46865 HIGH
8.2 Jun 16

Privileged local compromise in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Extensibility Framework component)

CVE-2026-46868 HIGH
7.2 Jun 16

Full takeover of Oracle Enterprise Manager Base Platform (versions 13.5 and 24.1) is possible by an authenticated, high-

Share

CVE-2026-46852 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy