CVE-2026-46771 | THREATINT

Description

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: Java Business Objects). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Development Framework (ADF) accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).

PUBLISHED Reserved 2026-05-18 | Published 2026-06-16 | Updated 2026-06-16 | Assigner oracle

MEDIUM: 4.1CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Problem types

Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Development Framework (ADF) accessible data.

Product status

12.2.1.4.0 (semver)

affected

14.1.2.0.0 (semver)

affected

References

www.oracle.com/security-alerts/cspujun2026.html (Oracle Advisory) vendor-advisory

cve.org (CVE-2026-46771)

nvd.nist.gov (CVE-2026-46771)

Download JSON