Skip to main content

Oracle Configure To Order

1 CVEs product

Monthly

CVE-2026-46939 HIGH This Week

Authenticated data tampering and disclosure in Oracle Configure to Order (Oracle E-Business Suite) versions 12.2.3 through 12.2.15 allows a low-privileged attacker with network access via HTTP to fully read, modify, create, or delete all data accessible to the Supply to Order Workbench component. Oracle rates the issue CVSS 8.1 and describes it as easily exploitable; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Authentication Bypass Oracle Oracle Configure To Order
NVD
CVSS 3.1
8.1
EPSS
0.4%
EPSS 0% CVSS 8.1
HIGH This Week

Authenticated data tampering and disclosure in Oracle Configure to Order (Oracle E-Business Suite) versions 12.2.3 through 12.2.15 allows a low-privileged attacker with network access via HTTP to fully read, modify, create, or delete all data accessible to the Supply to Order Workbench component. Oracle rates the issue CVSS 8.1 and describes it as easily exploitable; no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Authentication Bypass Oracle Oracle Configure To Order
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy