NCSC NL | Security Advisories

Security Advisory; NCSC-2026-0201 [1.0.0]

Security Advisory: NCSC-2026-0201 [1.0.0]
Publicatie: 17-06-2026 10:53 (Europe/Amsterdam)
Prioriteit: Normaal
Betreft: Kwetsbaarheden verholpen in Oracle E-Business Suite producten

Kenmerken

Improper Authorization

Omschrijving

Oracle heeft kwetsbaarheden verholpen in diverse Oracle E-Business Suite producten, waaronder Oracle Enterprise Command Center Framework, iSupplier Portal, Complex Maintenance, Repair and Overhaul, Process Manufacturing Product Development, HR Intelligence, Receivables, Spares Management, Cost Management, Enterprise Asset Management, Applications Manager, iSupport, Advanced Outbound Telephony, Quality, HRMS (UK), Human Resources, Property Manager, Subledger Accounting, Project Portfolio Analysis, Universal Work Queue, Public Sector Financials (International), Financials for EMEA, Outsourced Manufacturing, en Public Sector Payroll.

De kwetsbaarheden stellen een aanvaller met netwerktoegang en vaak lage tot hoge privileges in staat om ongeautoriseerde acties uit te voeren, waaronder het verkrijgen van volledige controle over het systeem, het creëren, wijzigen of verwijderen van kritieke data, en het veroorzaken van gedeeltelijke of volledige Denial-of-Service. Sommige kwetsbaarheden vereisen gebruikersinteractie, andere kunnen worden misbruikt zonder authenticatie. De kwetsbaarheden beïnvloeden de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen. De CVSS 3.1 basis scores variëren van 7.1 tot 9.9, waarbij meerdere kwetsbaarheden een score van 8.8 of hoger hebben. De kwetsbaarheden zijn aanwezig in verschillende versies, voornamelijk tussen 12.2.3 en 12.2.15, en in sommige gevallen ook in versies 15 en 16 van het Enterprise Command Center Framework. Exploitatie kan leiden tot volledige systeemcompromittering en kan ook impact hebben op andere Oracle producten die afhankelijk zijn van de kwetsbare componenten.

Oplossingen

Oracle heeft updates uitgebracht om de kwetsbaarheden in de genoemde producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Referenties

https://www.oracle.com/security-alerts/cspujun2026.html

CVE's

CVE-2026-46949 - CVSS (v3) 9.1
CVE-2026-46950 - CVSS (v3) 8.8
CVE-2026-46951 - CVSS (v3) 8.8
CVE-2026-46952 - CVSS (v3) 8.8
CVE-2026-46953 - CVSS (v3) 7.2
CVE-2026-46955 - CVSS (v4) 7.7
CVE-2026-46956 - CVSS (v3) 7.2
CVE-2026-46957 - CVSS (v3) 7.5
CVE-2026-46958 - CVSS (v3) 7.5
CVE-2026-46959 - CVSS (v3) 7.5
CVE-2026-46960 - CVSS (v3) 7.2
CVE-2026-46961 - CVSS (v3) 8.8
CVE-2026-46962 - CVSS (v3) 8.8
CVE-2026-46963 - CVSS (v3) 9.9
CVE-2026-46964 - CVSS (v3) 9.9
CVE-2026-46965 - CVSS (v4) 8.7
CVE-2026-46966 - CVSS (v4) 7.7
CVE-2026-46967 - CVSS (v4) 8.7
CVE-2026-46969 - CVSS (v3) 7.2
CVE-2026-46970 - CVSS (v3) 7.2
CVE-2026-46971 - CVSS (v3) 7.5
CVE-2026-46972 - CVSS (v3) 8.8
CVE-2026-46973 - CVSS (v3) 8.8
CVE-2026-46976 - CVSS (v4) 8.6
CVE-2026-46894 - CVSS (v4) 8.6
CVE-2026-46895 - CVSS (v3) 9.9
CVE-2026-46896 - CVSS (v3) 9.1
CVE-2026-46897 - CVSS (v3) 9.9
CVE-2026-46898 - CVSS (v3) 8.1
CVE-2026-46899 - CVSS (v3) 9.6
CVE-2026-46900 - CVSS (v3) 9.9
CVE-2026-46901 - CVSS (v3) 9.9
CVE-2026-46902 - CVSS (v3) 9.8
CVE-2026-46915 - CVSS (v3) 8.5
CVE-2026-46916 - CVSS (v3) 8.8
CVE-2026-46918 - CVSS (v3) 9.9
CVE-2026-46922 - CVSS (v3) 7.2
CVE-2026-46927 - CVSS (v4) 9.2
CVE-2026-46928 - CVSS (v3) 8.8
CVE-2026-46929 - CVSS (v3) 8.8
CVE-2026-46930 - CVSS (v3) 9.1
CVE-2026-46931 - CVSS (v3) 8.8
CVE-2026-46932 - CVSS (v3) 7.1
CVE-2026-46933 - CVSS (v3) 9.9
CVE-2026-46934 - CVSS (v3) 7.5
CVE-2026-46935 - CVSS (v3) 7.5
CVE-2026-46937 - CVSS (v3) 8.8
CVE-2026-46938 - CVSS (v3) 7.2
CVE-2026-46939 - CVSS (v4) 5.3
CVE-2026-46940 - CVSS (v3) 8.8
CVE-2026-46942 - CVSS (v3) 8.8
CVE-2026-46944 - CVSS (v3) 9.1
CVE-2026-46945 - CVSS (v3) 9.1
CVE-2026-46946 - CVSS (v3) 9.1
CVE-2026-46947 - CVSS (v3) 8.8

Producten

Oracle

Oracle Advanced Outbound Telephony

Oracle Applications Manager

Oracle Complex Maintenance, Repair and Overhaul

Oracle Configure to Order

Oracle Cost Management

Oracle Enterprise Asset Management

Oracle Enterprise Command Center Framework

Oracle Financials for EMEA

Oracle HR Intelligence

Oracle HRMS (UK)

Oracle Human Resources

Oracle In-Memory Cost Management for Discrete Industries

Oracle Outsourced Mfg for Discrete Industries

Oracle Process Manufacturing Process Planning

Oracle Process Manufacturing Product Development

Oracle Project Portfolio Analysis

Oracle Property Manager

Oracle Public Sector Financials (International)

Oracle Public Sector Payroll

Oracle Quality

Oracle Receivables

Oracle Spares Management

Oracle Subledger Accounting

Oracle Universal Work Queue

Oracle iSetup

Oracle iSupplier Portal

Oracle iSupport

Disclaimer

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.