CVE-2026-46971
EUVD-2026-3728117.06.2026, 10:54
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HR Intelligence. Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| oracle | hr_intelligence | 12.2.3 ≤ 𝑥 ≤ 12.2.15 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-269 - Improper Privilege ManagementThe software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
- CWE-284 - Improper Access ControlThe software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Vulnerability Media Exposure