SecuriTricks - CVE-2026-46894

Description

Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Home Page). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle iSupplier Portal. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle iSupplier Portal. CVSS 3.1 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).

Product(s) Impacted

Vendor	Product	Versions
Oracle	Oracle Ebusiness Suite Oracle Isupplier Portal	12.2.3-12.2.15 12.2.3-12.2.15

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	oracle	oracle_ebusiness_suite	12.2.3-12.2.15	/	/	/	/	/	/	/
a	oracle	oracle_isupplier_portal	12.2.3-12.2.15	/	/	/	/	/	/	/

References

https://www.oracle.com/security-alerts/cspujun2026.html

CVSS Score

8.0 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: June 17, 2026, 10:54 a.m.
Last Modified: June 17, 2026, 2:17 p.m.

Status : Undergoing Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

[email protected]

CVE-2026-46894