
CVE-2026-46822: Oracle iAssets Takeover via HTTP for Low-Privileged Attackers

CVE-2026-46822
Summary

Oracle iAssets in Oracle E-Business Suite versions 12.2.3 to 12.2.15 can be taken over by a low-privileged attacker with network access via HTTP. The risk is significant because the vulnerability has a changed scope: an attack on Oracle iAssets may also impact other products in the same system. To protect your system, update Oracle iAssets to the latest version or apply the recommended patch.

Original title
Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability a...
Original description
Vulnerability in the Oracle iAssets product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iAssets. While the vulnerability is in Oracle iAssets, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle iAssets. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
NVD CVSS 3.1: 9.9
Vulnerability type
CWE-284 Improper Access Control
Published: 28 May 2026 · Updated: 31 May 2026 · First seen: 28 May 2026