Oracle Applications Manager
Monthly
Privilege escalation and full takeover of Oracle Applications Manager (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged remote attacker over HTTP to fully compromise the management product and, because of the scope change, significantly impact additional integrated products. Oracle rates the issue CVSS 9.9 with confidentiality, integrity, and availability impacts; no public exploit identified at time of analysis. Listed in the ENISA EUVD as EUVD-2026-37249 and addressed in Oracle's June 2026 Critical Patch Update.
Privilege escalation and full takeover of Oracle Applications Manager (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged remote attacker over HTTP to fully compromise the management product and, because of the scope change, significantly impact additional integrated products. Oracle rates the issue CVSS 9.9 with confidentiality, integrity, and availability impacts; no public exploit identified at time of analysis. Listed in the ENISA EUVD as EUVD-2026-37249 and addressed in Oracle's June 2026 Critical Patch Update.