Skip to main content

Oracle Enterprise Manager EUVDEUVD-2026-37357

| CVE-2026-46864 HIGH
Improper Access Control (CWE-284)
2026-06-16 oracle
8.8
CVSS 3.1 · Vendor: oracle
Share

Severity by source

Vendor (oracle) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.8 HIGH

Network-reachable SSH surface (AV:N), Oracle labels it easily exploitable (AC:L), a low-privileged credential is required (PR:L), no user interaction, and full takeover yields C:H/I:H/A:H.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (oracle).

CVSS VectorVendor: oracle

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 22:38 vuln.today

DescriptionCVE.org

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Oracle Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

AnalysisAI

Authenticated takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible via the Agent Next Gen component, where a low-privileged attacker with SSH network access can fully compromise confidentiality, integrity, and availability. Oracle rates this 8.8 and describes it as easily exploitable, but no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged credential
Delivery
Reach Agent Next Gen SSH port
Exploit
Authenticate to vulnerable agent
Execution
Exploit Agent Next Gen flaw
Persist
Escalate to OEM Base Platform takeover
Impact
Pivot to managed Oracle targets

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the Agent Next Gen SSH interface on an Oracle Enterprise Manager Base Platform 13.5 or 24.1 host, plus possession of a low-privileged credential accepted by that SSH path (PR:L per Oracle's CVSS). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed-but-actionable: CVSS 3.1 is 8.8 with AV:N/AC:L/PR:L/UI:N and full C/I/A impact, and Oracle explicitly labels it 'easily exploitable,' which together justify prioritization for any environment running OEM 13.5 or 24.1. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained any low-privileged credential usable against the Agent Next Gen SSH surface - for example a service account harvested from a compromised DBA workstation or a weak operator account on a monitored host - connects over the network to a vulnerable OEM agent and triggers the flaw to escalate into full control of the Oracle Enterprise Manager Base Platform. From there they can pivot to any Oracle target managed by OEM, exfiltrate database credentials stored in the management framework, and disrupt monitoring across the estate. …
Remediation Apply the patches from Oracle's June 2026 Critical Patch Update for Oracle Enterprise Manager Base Platform 13.5 and 24.1 as published at https://www.oracle.com/security-alerts/cspujun2026.html - Oracle CPU patches are the only vendor-released fix and exact patch identifiers should be retrieved from the CPU matrix in that advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify and inventory all systems running Enterprise Manager Base Platform 13.5 or 24.1; restrict SSH network access to these systems to trusted administrative networks only via firewall policy; enable detailed logging and alerting for authentication and administrative activities. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-46855 CRITICAL
9.9 Jun 16

Full takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible by a low-privileged remote attacker v

CVE-2026-46852 CRITICAL
9.9 Jun 16

Privileged takeover of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 is possible through the Metadata P

CVE-2026-46854 CRITICAL
9.9 Jun 16

Privilege escalation and full takeover in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Target Management compo

CVE-2026-46832 CRITICAL
9.9 Jun 16

Privileged takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible through the Discovery Framework

CVE-2026-46857 CRITICAL
9.8 Jun 16

Remote code execution in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allows unauthenticated network a

CVE-2026-46856 CRITICAL
9.6 Jun 16

Remote takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible when an unauthenticated attacker ov

CVE-2026-46853 CRITICAL
9.6 Jun 16

Cross-scope takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 allows unauthenticated remote attackers to

CVE-2026-46875 CRITICAL
9.1 Jun 16

Privileged takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible via the Deployment Library comp

CVE-2026-46872 CRITICAL
9.0 Jun 16

Privileged remote tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Install component) allows an authe

CVE-2026-46866 HIGH
8.2 Jun 16

Remote denial-of-service and data tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 allows unauthentica

CVE-2026-46865 HIGH
8.2 Jun 16

Privileged local compromise in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Extensibility Framework component)

CVE-2026-46868 HIGH
7.2 Jun 16

Full takeover of Oracle Enterprise Manager Base Platform (versions 13.5 and 24.1) is possible by an authenticated, high-

Share

EUVD-2026-37357 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy