Oracle Isupplier Portal
Monthly
Takeover of Oracle iSupplier Portal (E-Business Suite versions 12.2.3 through 12.2.15) is achievable by a low-privileged remote attacker over HTTP, per Oracle's June 2026 Critical Patch Update. The flaw is rated CVSS 7.5 with high confidentiality, integrity, and availability impact, but carries high attack complexity, suggesting non-trivial preconditions. There is no public exploit identified at time of analysis and the CVE is not on CISA KEV.
Account takeover in Oracle iSupplier Portal (E-Business Suite versions 12.2.3-12.2.15) allows a low-privileged remote attacker to fully compromise the application by tricking a separate user into interacting with attacker-supplied content over HTTPS. The Home Page component is the entry point, and successful exploitation yields full confidentiality, integrity, and availability impact on the portal. No public exploit identified at time of analysis, but Oracle's critical patch advisory confirms the issue is real and patchable.
Takeover of Oracle iSupplier Portal (E-Business Suite versions 12.2.3 through 12.2.15) is achievable by a low-privileged remote attacker over HTTP, per Oracle's June 2026 Critical Patch Update. The flaw is rated CVSS 7.5 with high confidentiality, integrity, and availability impact, but carries high attack complexity, suggesting non-trivial preconditions. There is no public exploit identified at time of analysis and the CVE is not on CISA KEV.
Account takeover in Oracle iSupplier Portal (E-Business Suite versions 12.2.3-12.2.15) allows a low-privileged remote attacker to fully compromise the application by tricking a separate user into interacting with attacker-supplied content over HTTPS. The Home Page component is the entry point, and successful exploitation yields full confidentiality, integrity, and availability impact on the portal. No public exploit identified at time of analysis, but Oracle's critical patch advisory confirms the issue is real and patchable.