Skip to main content

Oracle Project Portfolio Analysis

3 CVEs product

Monthly

CVE-2026-46962 HIGH This Week

Authenticated takeover of Oracle Project Portfolio Analysis (E-Business Suite versions 12.2.3 through 12.2.15) is possible over HTTP, allowing a low-privileged attacker to fully compromise the application's confidentiality, integrity, and availability. Oracle rates this as easily exploitable with a CVSS 3.1 base score of 8.8, though no public exploit identified at time of analysis. The flaw resides in the Internal Operations component and was disclosed in Oracle's June 2026 Critical Patch Update.

Oracle Oracle Project Portfolio Analysis Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-46961 HIGH This Week

Account takeover in Oracle Project Portfolio Analysis (E-Business Suite component Internal Operations) versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker to fully compromise the module over HTTP. Oracle's June 2026 Critical Patch Update rates the issue 8.8 with high confidentiality, integrity, and availability impacts, and the CVSS vector flags it as easily exploitable; no public exploit identified at time of analysis and the issue is not on CISA KEV.

Oracle Oracle Project Portfolio Analysis Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-46960 HIGH This Week

Full product takeover of Oracle Project Portfolio Analysis (E-Business Suite component Internal Operations) is possible by an authenticated high-privileged attacker over HTTP, affecting supported versions 12.2.3 through 12.2.15. The flaw yields complete confidentiality, integrity, and availability impact on the application. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Oracle Oracle Project Portfolio Analysis Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
0.5%
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated takeover of Oracle Project Portfolio Analysis (E-Business Suite versions 12.2.3 through 12.2.15) is possible over HTTP, allowing a low-privileged attacker to fully compromise the application's confidentiality, integrity, and availability. Oracle rates this as easily exploitable with a CVSS 3.1 base score of 8.8, though no public exploit identified at time of analysis. The flaw resides in the Internal Operations component and was disclosed in Oracle's June 2026 Critical Patch Update.

Oracle Oracle Project Portfolio Analysis Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Account takeover in Oracle Project Portfolio Analysis (E-Business Suite component Internal Operations) versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker to fully compromise the module over HTTP. Oracle's June 2026 Critical Patch Update rates the issue 8.8 with high confidentiality, integrity, and availability impacts, and the CVSS vector flags it as easily exploitable; no public exploit identified at time of analysis and the issue is not on CISA KEV.

Oracle Oracle Project Portfolio Analysis Authentication Bypass
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Full product takeover of Oracle Project Portfolio Analysis (E-Business Suite component Internal Operations) is possible by an authenticated high-privileged attacker over HTTP, affecting supported versions 12.2.3 through 12.2.15. The flaw yields complete confidentiality, integrity, and availability impact on the application. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Oracle Oracle Project Portfolio Analysis Authentication Bypass
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy