
[CIVN-2026-0352] Vulnerability in the Oracle Payments product of Oracle E-Business Suite
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Vulnerability in the Oracle Payments product of Oracle E-Business Suite
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Oracle E-Business Suite versions 12.2.3-12.2.15.
Overview
A vulnerability has been reported in Oracle E-Business Suite, which may allow an unauthenticated attacker with network access via HTTP to compromise the Oracle Payments component on the targeted system.
Target Audience:
All end-user organizations and individuals using affected Oracle E-Business Suite.
Risk Assessment:
High risk of unauthorized access and disruption of business operations.
Impact Assessment:
Potential for complete system takeover, unauthorized access to sensitive information, and disruption of services.
Description
Oracle E-Business Suite (EBS) is an integrated set of enterprise applications designed to help organisations automate and manage core business functions such as finance, human resources, supply chain, and more. It supports global operations and can be deployed on-premises or in the cloud.
This vulnerability exists in Oracle Payments product of Oracle E-Business Suite due to security flaw in the File Transmission component.
Successful exploitation of this vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise the Oracle Payments component on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor:
Vendor Information
Oracle
https://www.oracle.com/security-alerts/cspumay2026.html
References
https://www.oracle.com/security-alerts/cspumay2026.html
https://www.bleepingcomputer.com/news/security/new-oracle-e-business-suite-flaw-now-exploited-in-attacks/
CVE Name
CVE-2026-46817
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpGdtsACgkQ3jCgcSdc
ys/7Hg/+PcK9uzIq2L+oVRQKda6vgHUbJLFleawdr/bzZ7+QEQCT8uFugIPAVThH
RJXzm2MB5etwXMBbTICGsy8mCA5NgsRBottH1w2vKZscjl98pKDyN/Wyg/TTWw0p
emC9B0ha0t9mtbugWUveXjH9SyqDyjJTZnI0KHeEcxwyW9uNOeOoDhV4W4rtX1vl
xaYgSoducPZQoO+uG5J4JpheIRfxnRo5hsIFSUgP4XBxM//EjW9DzC8INI0lQ3Gn
Zk9UDT3bEpxdZR/T5XC8FFr/TpeHbs4fIdsk3/GbU2EnwPDGHMX0dD/dpj8LAH8p
qYbW4d+4+d6HkmJQMZcfekDueR15MoQU6+VAtPi2GjDusX3fEgOlcQUhW+mb0Flg
S6bKfR/duzJYwdTvwIcoQK2oZ24nZjhzfRvV/X+PgFbb0gCNPimrvSHMNoHWtGkQ
hzFHypj79KRcVllrihQB0ukLi312qtkkwGoY8/OG0iBwGJUPPKRjRadBVrGkfxrd
TvvIRHiFpcQujFBCJL/34XB02IRNHe1fH3F2eMR9BFdH/5EP1VwIjbOmKGOnW3RN
FY8qfV6aEuRoBSxyyKnyCJxrq0rP9OXziRA/zzCIhx9w3Vu8pEOmOJl3Bfw5VOIZ
yvt4qhuHPiQIs3Jy+8fIwrdrpIFyTziPeyMi1seS7IVd/V1ISsE=
=fKZh
—–END PGP SIGNATURE—–


