Oracle E-Business Suite Payments File Transmission Vulnerability Allowing Unauthenticated Data Access and Modification

A vulnerability exists in the Oracle Payments component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.15. This vulnerability allows an unauthenticated attacker with network access via HTTPS to compromise Oracle Payments. Exploitation of this vulnerability could lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all Oracle Payments accessible data. The vulnerability is considered difficult to exploit.

Impact

Successful exploitation allows for unauthorized access to critical data and the ability to create, delete, or modify all Oracle Payments accessible data.

Remediation

Users are advised to apply the May 2026 Critical Security Patch Update. For instructions on what patches need to be applied, refer to the Oracle E-Business Suite Release 12 Critical Security Patch Update Knowledge Document (May 2026), available as My Oracle Support Note KA923.