Skip to main content

Oracle Subledger Accounting

2 CVEs product

Monthly

CVE-2026-46959 HIGH This Week

Takeover of Oracle Subledger Accounting (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows an authenticated low-privileged attacker with HTTP network access to fully compromise confidentiality, integrity, and availability of the module. Although the CVSS 3.1 base score is 7.5 with high impact across all three pillars, the AC:H rating signals non-trivial exploitation requirements, and there is no public exploit identified at time of analysis.

Oracle Oracle Subledger Accounting Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-46958 HIGH This Week

Takeover of Oracle Subledger Accounting (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is possible by a low-privileged remote attacker leveraging HTTP. The flaw yields full confidentiality, integrity, and availability impact (CVSS 7.5) but is rated high attack complexity, so reliable exploitation is non-trivial. No public exploit identified at time of analysis, and the issue is not listed on CISA KEV.

Oracle Oracle Subledger Accounting Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH This Week

Takeover of Oracle Subledger Accounting (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows an authenticated low-privileged attacker with HTTP network access to fully compromise confidentiality, integrity, and availability of the module. Although the CVSS 3.1 base score is 7.5 with high impact across all three pillars, the AC:H rating signals non-trivial exploitation requirements, and there is no public exploit identified at time of analysis.

Oracle Oracle Subledger Accounting Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Takeover of Oracle Subledger Accounting (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is possible by a low-privileged remote attacker leveraging HTTP. The flaw yields full confidentiality, integrity, and availability impact (CVSS 7.5) but is rated high attack complexity, so reliable exploitation is non-trivial. No public exploit identified at time of analysis, and the issue is not listed on CISA KEV.

Oracle Oracle Subledger Accounting Privilege Escalation
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy