Oracle Payments EBS FT 12.2.3-12.2.15 Remote Authz Escalation
CVE-2026-46818 Published on May 28, 2026
Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Payments. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Payments accessible data as well as unauthorized access to critical data or complete access to all Oracle Payments accessible data. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Vulnerability Analysis
CVE-2026-46818 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Products Associated with CVE-2026-46818
Want to know whenever a new CVE is published for Oracle Payments? stack.watch will email you.
Affected Versions
Oracle Corporation Oracle Payments:- Version 12.2.3, <= 12.2.15 is affected.