[CIVN-2026-0352] Vulnerability in the Oracle Payments product of Oracle E-Business Suite

By Published On: July 2, 2026

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256


Vulnerability in the Oracle Payments product of Oracle E-Business Suite


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: CRITICAL


Software Affected


Oracle E-Business Suite versions 12.2.3-12.2.15.

Overview


A vulnerability has been reported in Oracle E-Business Suite, which may allow an unauthenticated attacker with network access via HTTP to compromise the Oracle Payments component on the targeted system.


Target Audience:

All end-user organizations and individuals using affected Oracle E-Business Suite.


Risk Assessment:

High risk of unauthorized access and disruption of business operations.


Impact Assessment:

Potential for complete system takeover, unauthorized access to sensitive information, and disruption of services.


Description


Oracle E-Business Suite (EBS) is an integrated set of enterprise applications designed to help organisations automate and manage core business functions such as finance, human resources, supply chain, and more. It supports global operations and can be deployed on-premises or in the cloud.


This vulnerability exists in Oracle Payments product of Oracle E-Business Suite due to security flaw in the File Transmission component.


Successful exploitation of this vulnerability could allow an unauthenticated attacker with network access via HTTP to compromise the Oracle Payments component on the targeted system.


Solution


Apply appropriate updates as mentioned by the vendor:


Vendor Information


Oracle

https://www.oracle.com/security-alerts/cspumay2026.html


References


 

https://www.oracle.com/security-alerts/cspumay2026.html

https://www.bleepingcomputer.com/news/security/new-oracle-e-business-suite-flaw-now-exploited-in-attacks/


CVE Name

CVE-2026-46817




– —


Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–


iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpGdtsACgkQ3jCgcSdc

ys/7Hg/+PcK9uzIq2L+oVRQKda6vgHUbJLFleawdr/bzZ7+QEQCT8uFugIPAVThH

RJXzm2MB5etwXMBbTICGsy8mCA5NgsRBottH1w2vKZscjl98pKDyN/Wyg/TTWw0p

emC9B0ha0t9mtbugWUveXjH9SyqDyjJTZnI0KHeEcxwyW9uNOeOoDhV4W4rtX1vl

xaYgSoducPZQoO+uG5J4JpheIRfxnRo5hsIFSUgP4XBxM//EjW9DzC8INI0lQ3Gn

Zk9UDT3bEpxdZR/T5XC8FFr/TpeHbs4fIdsk3/GbU2EnwPDGHMX0dD/dpj8LAH8p

qYbW4d+4+d6HkmJQMZcfekDueR15MoQU6+VAtPi2GjDusX3fEgOlcQUhW+mb0Flg

S6bKfR/duzJYwdTvwIcoQK2oZ24nZjhzfRvV/X+PgFbb0gCNPimrvSHMNoHWtGkQ

hzFHypj79KRcVllrihQB0ukLi312qtkkwGoY8/OG0iBwGJUPPKRjRadBVrGkfxrd

TvvIRHiFpcQujFBCJL/34XB02IRNHe1fH3F2eMR9BFdH/5EP1VwIjbOmKGOnW3RN

FY8qfV6aEuRoBSxyyKnyCJxrq0rP9OXziRA/zzCIhx9w3Vu8pEOmOJl3Bfw5VOIZ

yvt4qhuHPiQIs3Jy+8fIwrdrpIFyTziPeyMi1seS7IVd/V1ISsE=

=fKZh

—–END PGP SIGNATURE—–

Share this article