{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/internet-procurement-connector/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.1,"id":"CVE-2026-46819"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Internet Procurement Connector"],"_cs_severities":["critical"],"_cs_tags":["cve","rce","oracle"],"_cs_type":"advisory","_cs_vendors":["Oracle"],"content_html":"\u003cp\u003eCVE-2026-46819 is a critical vulnerability within the Internal Operations component of Oracle Internet Procurement Connector, a part of Oracle E-Business Suite. The vulnerability affects supported versions 12.2.3 through 12.2.15. This easily exploitable flaw allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Internet Procurement Connector. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to sensitive information. This poses a significant risk to organizations using the affected versions of Oracle E-Business Suite.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable Oracle Internet Procurement Connector instance accessible via HTTP.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a specially crafted HTTP request to the vulnerable Internal Operations component.\u003c/li\u003e\n\u003cli\u003eThe crafted request exploits the lack of authentication and authorization checks.\u003c/li\u003e\n\u003cli\u003eThe vulnerability allows the attacker to bypass security controls.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the Oracle Internet Procurement Connector's data.\u003c/li\u003e\n\u003cli\u003eThe attacker creates, modifies, or deletes critical data within the system.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates sensitive data from the Oracle Internet Procurement Connector.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves complete compromise of the Oracle Internet Procurement Connector, potentially impacting other connected systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-46819 can result in unauthorized creation, deletion, or modification of critical data, as well as unauthorized access to sensitive information. The vulnerability has a CVSS 3.1 base score of 9.1, indicating a critical impact on confidentiality and integrity. This could lead to significant financial losses, reputational damage, and regulatory fines for affected organizations. The lack of authentication required for exploitation makes this vulnerability particularly dangerous.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security patches provided by Oracle to address CVE-2026-46819 on all affected Oracle Internet Procurement Connector instances (versions 12.2.3-12.2.15).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect potential exploitation attempts against the Internal Operations component of Oracle Internet Procurement Connector.\u003c/li\u003e\n\u003cli\u003eMonitor HTTP traffic to Oracle Internet Procurement Connector instances for suspicious patterns and unauthorized access attempts.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the potential impact of a successful exploitation of CVE-2026-46819.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-28T21:17:50Z","date_published":"2026-05-28T21:17:50Z","id":"https://feed.craftedsignal.io/briefs/2026-05-oracle-internet-procurement-rce/","summary":"CVE-2026-46819 is a critical vulnerability in Oracle Internet Procurement Connector versions 12.2.3-12.2.15 that allows an unauthenticated attacker with network access via HTTP to compromise the system, leading to unauthorized data access, modification, or deletion.","title":"CVE-2026-46819: Oracle Internet Procurement Connector Unauthenticated Remote Code Execution","url":"https://feed.craftedsignal.io/briefs/2026-05-oracle-internet-procurement-rce/"}],"language":"en","title":"CraftedSignal Threat Feed - Internet Procurement Connector","version":"https://jsonfeed.org/version/1.1"}