Volerion logoVolerion
Volerion logoVolerion

Oracle E-Business Suite Internet Procurement Connector Vulnerability Allows Unauthenticated Data Manipulation

Vulnerability

A vulnerability exists in the Oracle Internet Procurement Connector component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.15. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Internet Procurement Connector. Exploitation of this vulnerability could lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to all data accessible through the Oracle Internet Procurement Connector.

Impact

Successful exploitation allows for unauthorized manipulation and access to critical data within the Oracle Internet Procurement Connector.

Remediation

Users are advised to apply the May 2026 Critical Security Patch Update for Oracle E-Business Suite. For specific patching instructions, refer to the Oracle E-Business Suite Release 12 Critical Security Patch Update Knowledge Document (May 2026), available as My Oracle Support Note KA923.

Added: May 28, 2026, 9:53 PM
Updated: May 28, 2026, 9:53 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
5.0
exploitability
7.4
remediation
0.0
relevance
9.2
threat
0.0
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.