CVE-2026-46823

CVE-2026-46823 PUBLISHED

Assigner: oracle
Reserved: 18.05.2026 Published: 28.05.2026 Updated: 28.05.2026

Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Public Sector Financials (International). While the vulnerability is in Oracle Public Sector Financials (International), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Public Sector Financials (International) accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS Score: 7.7

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Oracle Corporation
Product	Oracle Public Sector Financials (International)
Versions	affected from 12.2.6 to 12.2.15 (incl.)

Vendor

Oracle Corporation

Product

Oracle Public Sector Financials (International)

Versions

affected from 12.2.6 to 12.2.15 (incl.)

References

Problem Types