Skip to main content

Oracle Advanced Outbound Telephony

3 CVEs product

Monthly

CVE-2026-46950 HIGH This Week

Account takeover in Oracle Advanced Outbound Telephony (E-Business Suite component, versions 12.2.3 through 12.2.15) allows a low-privileged remote attacker with HTTP access to fully compromise the product's confidentiality, integrity, and availability. Oracle has published a fix in the June 2026 Critical Patch Update, and the CVSS 3.1 base score of 8.8 reflects an easily exploitable network-borne flaw, though no public exploit identified at time of analysis and EPSS data was not provided.

Oracle Oracle Advanced Outbound Telephony Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-46949 CRITICAL Act Now

Remote unauthenticated compromise of Oracle Advanced Outbound Telephony (Oracle E-Business Suite, Internal Operations component) versions 12.2.3 through 12.2.15 allows attackers to read, create, modify, or delete all data accessible to the application via HTTP. Oracle rates the issue 9.1 (CVSS 3.1) due to network attack vector with no authentication and high confidentiality and integrity impact, though availability is unaffected. No public exploit identified at time of analysis, but the trivial exploitability and EBS exposure profile make it a priority patch.

Authentication Bypass Oracle Oracle Advanced Outbound Telephony
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-46947 HIGH This Week

Account takeover in Oracle Advanced Outbound Telephony (E-Business Suite versions 12.2.3 through 12.2.15) allows a low-privileged remote attacker to fully compromise the component over HTTP. The Internal Operations component is exposed to authenticated users with network reach, and successful exploitation yields high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Oracle Advanced Outbound Telephony Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
EPSS 0% CVSS 8.8
HIGH This Week

Account takeover in Oracle Advanced Outbound Telephony (E-Business Suite component, versions 12.2.3 through 12.2.15) allows a low-privileged remote attacker with HTTP access to fully compromise the product's confidentiality, integrity, and availability. Oracle has published a fix in the June 2026 Critical Patch Update, and the CVSS 3.1 base score of 8.8 reflects an easily exploitable network-borne flaw, though no public exploit identified at time of analysis and EPSS data was not provided.

Oracle Oracle Advanced Outbound Telephony Authentication Bypass
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Remote unauthenticated compromise of Oracle Advanced Outbound Telephony (Oracle E-Business Suite, Internal Operations component) versions 12.2.3 through 12.2.15 allows attackers to read, create, modify, or delete all data accessible to the application via HTTP. Oracle rates the issue 9.1 (CVSS 3.1) due to network attack vector with no authentication and high confidentiality and integrity impact, though availability is unaffected. No public exploit identified at time of analysis, but the trivial exploitability and EBS exposure profile make it a priority patch.

Authentication Bypass Oracle Oracle Advanced Outbound Telephony
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Account takeover in Oracle Advanced Outbound Telephony (E-Business Suite versions 12.2.3 through 12.2.15) allows a low-privileged remote attacker to fully compromise the component over HTTP. The Internal Operations component is exposed to authenticated users with network reach, and successful exploitation yields high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Oracle Advanced Outbound Telephony Authentication Bypass
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy