{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-46902","assignerOrgId":"43595867-4340-4103-b7a2-9a5208d29a85","state":"PUBLISHED","assignerShortName":"oracle","dateReserved":"2026-05-18T15:55:10.310Z","datePublished":"2026-06-16T19:27:47.717Z","dateUpdated":"2026-06-18T03:57:25.641Z"},"containers":{"cna":{"providerMetadata":{"orgId":"43595867-4340-4103-b7a2-9a5208d29a85","shortName":"oracle","dateUpdated":"2026-06-16T19:27:47.717Z"},"problemTypes":[{"descriptions":[{"lang":"en-US","description":"Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Command Center Framework.  Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Command Center Framework."}]}],"affected":[{"vendor":"Oracle Corporation","product":"Oracle Enterprise Command Center Framework","versions":[{"version":"V15","status":"affected","versionType":"semver"},{"version":"V16","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_command_center_framework:v15:*:*:*:*:*:*:*"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_command_center_framework:v16:*:*:*:*:*:*:*"}]}]}],"descriptions":[{"lang":"en-US","value":"Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core).  Supported versions that are affected are V15 and  V16. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Command Center Framework.  Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Command Center Framework. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","name":"Oracle Advisory","tags":["vendor-advisory"]}],"metrics":[{"cvssV3_1":{"attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL"}}]},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-306","lang":"en","description":"CWE-306 Missing Authentication for Critical Function"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"CWE-284 Improper Access Control"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-06-17T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-46902"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-06-18T03:57:25.641Z"}}]}}