Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-46817: Oracle E-Business Suite Payments File Transmission Compromise
CVE-2026-46817
Summary
The Oracle E-Business Suite's Payments component has a vulnerability in its File Transmission feature. This means an attacker with internet access can potentially take control of the Payments system, which could lead to sensitive information being stolen, payments being manipulated, or the system being shut down. Update your system to the latest version to fix this issue.
Original title
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability al...
Original description
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
nvd CVSS3.1
9.8
Vulnerability type
CWE-269
Improper Privilege Management
CWE-287
Improper Authentication
CWE-306
Missing Authentication for Critical Function
Published: 28 May 2026 · Updated: 31 May 2026 · First seen: 28 May 2026