Primary

Context

Oracle E-Business Suite Payments File Transmission Vulnerability Allowing Unauthenticated Takeover

Vulnerability

Patched

A vulnerability exists in the Oracle Payments component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.15. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Payments system. Exploitation of this vulnerability could lead to a complete takeover of the Oracle Payments application.

Impact

Successful exploitation allows for unauthorized takeover of the Oracle Payments application within Oracle E-Business Suite.

Remediation

Users are advised to apply the May 2026 Critical Security Patch Update for Oracle E-Business Suite. For specific patching instructions, refer to the Oracle E-Business Suite Release 12 Critical Security Patch Update Knowledge Document (May 2026), available as My Oracle Support Note KA923.

Added: May 28, 2026, 9:52 PM

Updated: May 28, 2026, 9:52 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

7.0

remediation

7.7

relevance

9.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

7.0

remediation

7.7

relevance

9.2

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle E-Business Suite Payments File Transmission Vulnerability Allowing Unauthenticated Takeover

Vulnerability

Impact

Remediation

Affected Products

Oracle Payments

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating