Oracle Payments
Monthly
Remote takeover of Oracle Payments in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is possible via the File Transmission component, allowing unauthenticated network-based attackers to fully compromise confidentiality, integrity, and availability (CVSS 9.8). The flaw is described by Oracle as easily exploitable over HTTP with no user interaction, and no public exploit identified at time of analysis. Tagged as Information Disclosure and listed in Oracle's May 2026 Critical Patch Update advisory.
Remote takeover of Oracle Payments in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is possible via the File Transmission component, allowing unauthenticated network-based attackers to fully compromise confidentiality, integrity, and availability (CVSS 9.8). The flaw is described by Oracle as easily exploitable over HTTP with no user interaction, and no public exploit identified at time of analysis. Tagged as Information Disclosure and listed in Oracle's May 2026 Critical Patch Update advisory.