Skip to main content

Oracle Enterprise Command Center Framework

8 CVEs product

Monthly

CVE-2026-46902 CRITICAL Act Now

Remote unauthenticated takeover of Oracle Enterprise Command Center Framework (versions V15 and V16), a component of Oracle E-Business Suite, is possible over HTTPS with low attack complexity. The flaw yields full confidentiality, integrity, and availability impact (CVSS 9.8) on the Core component and is addressed in Oracle's June 2026 Critical Patch Update. No public exploit identified at time of analysis, but the trivial exploitability profile makes this a high-priority patching target.

Oracle Oracle Enterprise Command Center Framework Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2026-46901 CRITICAL Act Now

Scope-changing compromise in Oracle Enterprise Command Center Framework V15 and V16 (a component of Oracle E-Business Suite) allows a low-privileged remote attacker to read, modify, or delete all framework-accessible data and partially disrupt service via HTTP. Because CVSS scope is Changed, exploitation impacts additional Oracle E-Business Suite products beyond the Framework itself, driving the 9.9 base score. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Denial Of Service Oracle Oracle Enterprise Command Center Framework
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-46900 CRITICAL Act Now

Privileged takeover of Oracle Enterprise Command Center Framework V15 and V16 (a component of Oracle E-Business Suite) allows a low-privileged remote attacker over HTTPS to fully compromise the product and pivot into other E-Business Suite components via a CVSS scope change. Oracle has issued a fix in its June 2026 Critical Patch Update; no public exploit identified at time of analysis and EPSS/KEV signals were not provided.

Oracle Oracle Enterprise Command Center Framework Authentication Bypass
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-46899 CRITICAL Act Now

Cross-component compromise in Oracle Enterprise Command Center Framework V15 and V16 allows a low-privileged remote attacker to read and tamper with critical data across adjacent Oracle E-Business Suite components via HTTP. The scope-changed CVSS 3.1 score of 9.6 reflects high confidentiality and integrity impact reaching beyond the vulnerable component, though no public exploit identified at time of analysis. Oracle disclosed the issue in the June 2026 Critical Patch Update.

Authentication Bypass Oracle Oracle Enterprise Command Center Framework
NVD
CVSS 3.1
9.6
EPSS
0.4%
CVE-2026-46898 HIGH This Week

High-impact confidentiality and integrity compromise in Oracle Enterprise Command Center Framework V15 and V16 (a component of Oracle E-Business Suite) allows unauthenticated remote attackers to gain full read/write access to all framework-accessible data after tricking a user into interacting with a malicious request. The flaw is reachable over HTTPS with low attack complexity but requires user interaction, and no public exploit identified at time of analysis. Oracle published a vendor advisory in the June 2026 Critical Patch Update.

Authentication Bypass Oracle Oracle Enterprise Command Center Framework
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2026-46897 CRITICAL Act Now

Privileged data manipulation and disclosure in Oracle Enterprise Command Center Framework V15 and V16 allows a low-privileged remote attacker over HTTP to gain unauthorized read, modify, and delete access to all framework-accessible data, with scope change extending impact to other Oracle E-Business Suite products. The CVSS 9.9 score reflects low attack complexity, low privileges required, and the scope change that crosses security boundaries into adjacent products. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Denial Of Service Oracle Oracle Enterprise Command Center Framework
NVD VulDB
CVSS 3.1
9.9
EPSS
0.4%
CVE-2026-46896 CRITICAL Act Now

Privileged takeover of Oracle Enterprise Command Center Framework (ECC) versions V15 and V16, a component of Oracle E-Business Suite, allows a high-privileged authenticated attacker with HTTP network access to fully compromise the ECC component and, through a scope change, significantly impact additional integrated products. Oracle's June 2026 Critical Patch Update advisory rates this CVSS 9.1 (C:H/I:H/A:H with S:C), and no public exploit identified at time of analysis. The combined high privilege requirement and scope change make this a real lateral-movement risk inside ERP deployments rather than a perimeter RCE.

Oracle Oracle Enterprise Command Center Framework Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2026-46895 CRITICAL Act Now

Privilege escalation and full takeover of Oracle Enterprise Command Center Framework (versions V15 and V16) is achievable by a low-privileged remote attacker over HTTP, with a scope change that lets the compromise impact other Oracle E-Business Suite components. The flaw carries a CVSS 3.1 base score of 9.9 (C:H/I:H/A:H, S:C). No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Oracle Enterprise Command Center Framework Authentication Bypass
NVD VulDB
CVSS 3.1
9.9
EPSS
0.5%
EPSS 1% CVSS 9.8
CRITICAL Act Now

Remote unauthenticated takeover of Oracle Enterprise Command Center Framework (versions V15 and V16), a component of Oracle E-Business Suite, is possible over HTTPS with low attack complexity. The flaw yields full confidentiality, integrity, and availability impact (CVSS 9.8) on the Core component and is addressed in Oracle's June 2026 Critical Patch Update. No public exploit identified at time of analysis, but the trivial exploitability profile makes this a high-priority patching target.

Oracle Oracle Enterprise Command Center Framework Authentication Bypass
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Scope-changing compromise in Oracle Enterprise Command Center Framework V15 and V16 (a component of Oracle E-Business Suite) allows a low-privileged remote attacker to read, modify, or delete all framework-accessible data and partially disrupt service via HTTP. Because CVSS scope is Changed, exploitation impacts additional Oracle E-Business Suite products beyond the Framework itself, driving the 9.9 base score. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Denial Of Service Oracle +1
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Privileged takeover of Oracle Enterprise Command Center Framework V15 and V16 (a component of Oracle E-Business Suite) allows a low-privileged remote attacker over HTTPS to fully compromise the product and pivot into other E-Business Suite components via a CVSS scope change. Oracle has issued a fix in its June 2026 Critical Patch Update; no public exploit identified at time of analysis and EPSS/KEV signals were not provided.

Oracle Oracle Enterprise Command Center Framework Authentication Bypass
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Cross-component compromise in Oracle Enterprise Command Center Framework V15 and V16 allows a low-privileged remote attacker to read and tamper with critical data across adjacent Oracle E-Business Suite components via HTTP. The scope-changed CVSS 3.1 score of 9.6 reflects high confidentiality and integrity impact reaching beyond the vulnerable component, though no public exploit identified at time of analysis. Oracle disclosed the issue in the June 2026 Critical Patch Update.

Authentication Bypass Oracle Oracle Enterprise Command Center Framework
NVD
EPSS 0% CVSS 8.1
HIGH This Week

High-impact confidentiality and integrity compromise in Oracle Enterprise Command Center Framework V15 and V16 (a component of Oracle E-Business Suite) allows unauthenticated remote attackers to gain full read/write access to all framework-accessible data after tricking a user into interacting with a malicious request. The flaw is reachable over HTTPS with low attack complexity but requires user interaction, and no public exploit identified at time of analysis. Oracle published a vendor advisory in the June 2026 Critical Patch Update.

Authentication Bypass Oracle Oracle Enterprise Command Center Framework
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Privileged data manipulation and disclosure in Oracle Enterprise Command Center Framework V15 and V16 allows a low-privileged remote attacker over HTTP to gain unauthorized read, modify, and delete access to all framework-accessible data, with scope change extending impact to other Oracle E-Business Suite products. The CVSS 9.9 score reflects low attack complexity, low privileges required, and the scope change that crosses security boundaries into adjacent products. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Denial Of Service Oracle +1
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL Act Now

Privileged takeover of Oracle Enterprise Command Center Framework (ECC) versions V15 and V16, a component of Oracle E-Business Suite, allows a high-privileged authenticated attacker with HTTP network access to fully compromise the ECC component and, through a scope change, significantly impact additional integrated products. Oracle's June 2026 Critical Patch Update advisory rates this CVSS 9.1 (C:H/I:H/A:H with S:C), and no public exploit identified at time of analysis. The combined high privilege requirement and scope change make this a real lateral-movement risk inside ERP deployments rather than a perimeter RCE.

Oracle Oracle Enterprise Command Center Framework Authentication Bypass
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Privilege escalation and full takeover of Oracle Enterprise Command Center Framework (versions V15 and V16) is achievable by a low-privileged remote attacker over HTTP, with a scope change that lets the compromise impact other Oracle E-Business Suite components. The flaw carries a CVSS 3.1 base score of 9.9 (C:H/I:H/A:H, S:C). No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Oracle Enterprise Command Center Framework Authentication Bypass
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy