Skip to main content

Oracle Complex Maintenance Repair And Overhaul

3 CVEs product

Monthly

CVE-2026-46935 HIGH This Week

Full takeover of Oracle Complex Maintenance, Repair and Overhaul (CMRO) versions 12.2.3 through 12.2.15 is possible by an authenticated low-privileged attacker over HTTP against the Internal Operations component. Successful exploitation yields high impact to confidentiality, integrity, and availability of the CMRO module, though Oracle rates the attack complexity as high. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Oracle Oracle Complex Maintenance Repair And Overhaul Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-46934 HIGH This Week

Takeover of Oracle Complex Maintenance, Repair and Overhaul (CMRO) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker with HTTP network access to fully compromise the Internal Operations component. Oracle's June 2026 Critical Patch Update advisory documents the issue with a CVSS 3.1 base score of 7.5 and high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the vulnerability is rated difficult to exploit due to high attack complexity.

Oracle Oracle Complex Maintenance Repair And Overhaul Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-46915 HIGH This Week

Takeover of Oracle Complex Maintenance, Repair and Overhaul (cMRO) versions 12.2.3 through 12.2.15 is achievable by a low-privileged attacker over HTTP, with the scope changing to impact additional Oracle E-Business Suite products beyond cMRO itself. The high CVSS 3.1 score of 8.5 reflects full confidentiality, integrity, and availability impact, though high attack complexity tempers exploitability. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Oracle Oracle Complex Maintenance Repair And Overhaul Authentication Bypass
NVD
CVSS 3.1
8.5
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH This Week

Full takeover of Oracle Complex Maintenance, Repair and Overhaul (CMRO) versions 12.2.3 through 12.2.15 is possible by an authenticated low-privileged attacker over HTTP against the Internal Operations component. Successful exploitation yields high impact to confidentiality, integrity, and availability of the CMRO module, though Oracle rates the attack complexity as high. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Oracle Oracle Complex Maintenance Repair And Overhaul Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Takeover of Oracle Complex Maintenance, Repair and Overhaul (CMRO) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker with HTTP network access to fully compromise the Internal Operations component. Oracle's June 2026 Critical Patch Update advisory documents the issue with a CVSS 3.1 base score of 7.5 and high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the vulnerability is rated difficult to exploit due to high attack complexity.

Oracle Oracle Complex Maintenance Repair And Overhaul Privilege Escalation
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Takeover of Oracle Complex Maintenance, Repair and Overhaul (cMRO) versions 12.2.3 through 12.2.15 is achievable by a low-privileged attacker over HTTP, with the scope changing to impact additional Oracle E-Business Suite products beyond cMRO itself. The high CVSS 3.1 score of 8.5 reflects full confidentiality, integrity, and availability impact, though high attack complexity tempers exploitability. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Oracle Oracle Complex Maintenance Repair And Overhaul Authentication Bypass
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy