Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful attacks of this vulnerability can result in takeover of Oracle Payments. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker with network access to the system via HTTP protocol can exploit inadequate authentication or authorization controls in the File Transmission component (CWE-287, CWE-306, CWE-269). The vulnerability allows unauthorized access to system functions without the need to possess credentials. The low complexity of the attack and lack of prerequisites make this vulnerability particularly dangerous in network-exposed environments.
A successful attack leads to complete takeover of the Oracle Payments system, with the potential to compromise confidentiality, integrity, and availability of data and financial services handled by this product.
Apply patches available from the vendor in accordance with the references — Oracle Critical Patch Update (CPU) from May 2026, available at: https://www.oracle.com/security-alerts/cspumay2026.html
Oracle Payments within Oracle E-Business Suite, versions 12.2.3 to 12.2.15 (inclusive), File Transmission component.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOracle E Business Suite
APPOracle12.2.3 – 12.2.15
Related vulnerabilities
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component:...
Krytyczny Auth Bypass w Oracle Internet Procurement Connector (E-Business Suite)
Krytyczny Auth Bypass w Oracle E-Business Suite — moduł iSurvey
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Que...
Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Perform...