{"api_version":"1","generated_at":"2026-06-19T08:22:28+00:00","cve":"CVE-2026-46970","urls":{"html":"https://cve.report/CVE-2026-46970","api":"https://cve.report/api/cve/CVE-2026-46970.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-46970","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-46970"},"summary":{"title":"CVE-2026-46970","description":"Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligence.  Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).","state":"PUBLISHED","assigner":"oracle","published_at":"2026-06-17 10:54:16","updated_at":"2026-06-18 22:21:04"},"problem_types":["CWE-269","Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligence.  Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence.","CWE-269 CWE-269 Improper Privilege Management"],"metrics":[{"version":"3.1","source":"secalert_us@oracle.com","type":"Secondary","score":"7.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"7.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.oracle.com/security-alerts/cspujun2026.html","name":"https://www.oracle.com/security-alerts/cspujun2026.html","refsource":"secalert_us@oracle.com","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-46970","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46970","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Oracle Corporation","product":"Oracle HR Intelligence","version":"affected 12.2.3 12.2.15 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2026","cve_id":"46970","vulnerable":"1","versionEndIncluding":"12.2.15","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"hr_intelligence","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"46970","cve":"CVE-2026-46970","epss":"0.004300000","percentile":"0.342710000","score_date":"2026-06-18","updated_at":"2026-06-19 00:08:10"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-46970","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-17T15:55:22.952620Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-17T15:56:50.410Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"Oracle HR Intelligence","vendor":"Oracle Corporation","versions":[{"lessThanOrEqual":"12.2.15","status":"affected","version":"12.2.3","versionType":"custom"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:oracle:hr_intelligence:*:*:*:*:*:*:*:*","versionEndIncluding":"12.2.15","versionStartIncluding":"12.2.3","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en-US","value":"Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligence.  Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"description":"Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligence.  Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence.","lang":"en-US"}]}],"providerMetadata":{"dateUpdated":"2026-06-16T19:28:06.020Z","orgId":"43595867-4340-4103-b7a2-9a5208d29a85","shortName":"oracle"},"references":[{"name":"Oracle Advisory","tags":["vendor-advisory"],"url":"https://www.oracle.com/security-alerts/cspujun2026.html"}]}},"cveMetadata":{"assignerOrgId":"43595867-4340-4103-b7a2-9a5208d29a85","assignerShortName":"oracle","cveId":"CVE-2026-46970","datePublished":"2026-06-16T19:28:06.020Z","dateReserved":"2026-05-18T15:55:10.314Z","dateUpdated":"2026-06-17T15:56:50.410Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-17 10:54:16","lastModifiedDate":"2026-06-18 22:21:04","problem_types":["CWE-269","Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligence.  Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence.","CWE-269 CWE-269 Improper Privilege Management"],"metrics":{"cvssMetricV31":[{"source":"secalert_us@oracle.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-17T15:55:22.952620Z","id":"CVE-2026-46970","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hr_intelligence:*:*:*:*:*:*:*:*","versionStartIncluding":"12.2.3","versionEndIncluding":"12.2.15","matchCriteriaId":"60D58752-9708-4644-87E6-45D002BEC6D4"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"46970","Ordinal":"1","Title":"CVE-2026-46970","CVE":"CVE-2026-46970","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"46970","Ordinal":"1","NoteData":"Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations).  Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligence.  Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).","Type":"Description","Title":"CVE-2026-46970"}]}}}