{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/oracle-payments-12.2.3-12.2.15/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*","cpe:2.3:a:oracle:concurrent_processing:*:*:*:*:*:*:*:*","cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*","cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.62:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-46817"},{"cvss":9.8,"id":"CVE-2025-61882"},{"cvss":9.8,"id":"CVE-2026-35273"}],"_cs_exploited":false,"_cs_has_poc":true,"_cs_poc_references":[],"_cs_products":["E-Business Suite","Oracle Payments","Oracle E-Business Suite","Oracle Payments (12.2.3-12.2.15)","E-Business Suite Payments"],"_cs_severities":["critical"],"_cs_tags":["cve","oracle","ebusiness suite","rce","unauthenticated","privilege-escalation"],"_cs_type":"advisory","_cs_vendors":["Oracle"],"content_html":"\u003cp\u003eCVE-2026-46817 is a critical vulnerability affecting the Oracle Payments product within the Oracle E-Business Suite. Specifically, the issue resides in the File Transmission component. The vulnerability impacts versions 12.2.3 through 12.2.15. This is an easily exploitable vulnerability, as it requires no authentication and can be triggered via network access over HTTP. Successful exploitation of this vulnerability can lead to a complete takeover of Oracle Payments, allowing attackers to gain full control over the application and its data. Defenders should prioritize patching affected systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an Oracle E-Business Suite instance running a vulnerable version of Oracle Payments (12.2.3 - 12.2.15).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the File Transmission component.\u003c/li\u003e\n\u003cli\u003eThe request bypasses authentication checks due to the nature of the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe crafted request exploits a flaw in how the File Transmission component handles file operations.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the file operation vulnerability to execute arbitrary code on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker gains initial access to the Oracle Payments server with the privileges of the application user.\u003c/li\u003e\n\u003cli\u003eThe attacker escalates privileges within the Oracle Payments system, potentially gaining root or administrator access.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves a full takeover of Oracle Payments, enabling them to access sensitive data, modify configurations, and potentially pivot to other systems within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-46817 allows an unauthenticated attacker to completely compromise an Oracle Payments instance. Given the role of Oracle Payments in managing financial transactions within the E-Business Suite, this could lead to significant financial losses, data breaches, and disruption of business operations. This vulnerability affects versions 12.2.3-12.2.15, potentially impacting a large number of organizations using Oracle E-Business Suite for their financial operations.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the Oracle patch for CVE-2026-46817 to remediate the vulnerability in the File Transmission component of Oracle Payments.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect CVE-2026-46817 Exploitation Attempt - HTTP Request to Oracle Payments File Transmission\u0026quot; to identify potential exploitation attempts targeting the vulnerable component.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious HTTP requests to the File Transmission component, specifically looking for unusual parameters or file operations.\u003c/li\u003e\n\u003cli\u003eImplement network segmentation to limit the impact of a successful attack on Oracle Payments by restricting access to other critical systems.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-15T16:50:05Z","date_published":"2026-05-28T21:17:36Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-46817-oracle-payments-rce/","summary":"CVE-2026-46817 is a critical vulnerability in Oracle Payments component of Oracle E-Business Suite versions 12.2.3 through 12.2.15, allowing an unauthenticated attacker with network access via HTTP to compromise the application and potentially achieve complete takeover.","title":"CVE-2026-46817 - Oracle Payments Unauthenticated Remote Takeover via HTTP","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-46817-oracle-payments-rce/"}],"language":"en","title":"CraftedSignal Threat Feed - Oracle Payments (12.2.3-12.2.15)","version":"https://jsonfeed.org/version/1.1"}