External risk intelligence

Oracle Enterprise Manager Base Platform Takeover Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.9)

CVE-2026-46854

A critical vulnerability in Oracle Enterprise Manager Base Platform allows a low-privileged attacker with network access to compromise the system. Successful exploitation could lead to a complete takeover of the platform, impacting other connected products and potentially causing significant data loss or unauthorized a

Oracle Enterprise Manager Base Platform

13.5.0.0

24.1.0.0.0

Halo Surface Signal

Likely · external exposure

Halo Surface Signal

Oracle Enterprise Manager is commonly deployed as a centralized management and monitoring platform. While often restricted to internal administrative networks, it frequently functions as an enterprise-wide gateway or management portal that is accessible via HTTP/network interfaces for administrators and systems, making it a common target for network-based access in many organizational deployments.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in Oracle Enterprise Manager Base Platform, a key technology for managing and monitoring enterprise systems. This issue is easily exploitable by an attacker with limited privileges, potentially leading to a full compromise of the platform and impacting other connected products. The high severity score indicates significant potential for confidentiality, integrity, and availability loss.

  • An access flaw in system management software.
  • Centralized management systems are often high-value targets.
  • Confirm relevance and assess potential exposure.

Attack Path

How an attacker could exploit the issue

An attacker with network access and limited privileges could exploit this vulnerability by targeting the Target Management component of Oracle Enterprise Manager Base Platform via HTTP. Successful exploitation allows the attacker to compromise the platform, potentially leading to a complete takeover of the Oracle Enterprise Manager Base Platform and impacting other connected products.

  • Network access required.
  • HTTP request to vulnerable component.
  • Full platform compromise.

Live Threat

Current exploitation, exposure, and threat context

A low-privileged attacker with network access could exploit this vulnerability to gain complete control of the Oracle Enterprise Manager Base Platform, potentially impacting other connected products. This could lead to unauthorized access and manipulation of system data and configurations.

  • Oracle Enterprise Manager Base Platform system data at risk.
  • Network access via HTTP could allow exposure.
  • Complete takeover of the management platform.

Operational Fix

Recommended remediation, mitigation, and detection steps

Oracle Enterprise Manager Base Platform is a critical management system. Given its role, application owners and infrastructure teams are likely responsible for addressing this vulnerability. The first step involves identifying all deployments, assessing their reachability and business criticality, and pinpointing the accountable owner for prompt remediation planning.

  • Application and infrastructure teams own remediation.
  • Verify platform reachability and criticality.
  • Plan maintenance for risk reduction.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-46854 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability in Oracle Enterprise Manager Base Platform has a high CVSS score, making it relevant for PCI compliance scans that require remediation of vulnerabilities rated 4.0 or higher.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Oracle Enterprise Manager Base Platform?

Oracle Enterprise Manager Base Platform is a centralized software suite used by IT departments to monitor, manage, and automate operations across an entire enterprise infrastructure. It acts as a command center for databases, applications, and hardware, providing administrators with a unified interface to ensure system health and performance across various environments.

What does CWE-284 mean for CVE-2026-46854?

CVE-2026-46854 involves CWE-284, which is a weakness class related to Improper Access Control. In this context, it means the software fails to properly verify that a user has the correct permissions to perform specific actions. Because of this flaw, an attacker with low-level privileges can bypass intended security restrictions to access or manipulate sensitive parts of the platform.
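To make the CWE-284 pattern concrete, the following added example (generic illustration code, not Oracle's implementation and not derived from the vulnerable component) contrasts a management-API handler that only checks authentication with one that also authorizes the caller's role against an explicit, deny-by-default policy. The user roles, actions, target fields and policy table are all constructed for the example.

```python
"""Improper access control (CWE-284) in a minimal management-API handler.

Added illustration, not Oracle code: a generic 'target management' endpoint
where the weak version only checks that the caller is authenticated, while the
hardened version also checks that the caller's role may perform the requested
action. Roles, actions and the policy table are constructed for this example.
"""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    role: str                 # constructed roles: "viewer", "operator", "admin"
    authenticated: bool = True


@dataclass
class Target:
    target_id: str
    config: dict = field(default_factory=dict)


# Explicit allow-list: which roles may perform which actions (constructed policy).
POLICY = {
    "view": {"viewer", "operator", "admin"},
    "update": {"operator", "admin"},
    "delete": {"admin"},
}


class Forbidden(Exception):
    pass


def _apply(action, target, payload):
    """Perform the action on the target; shared by both handlers."""
    if action == "view":
        return dict(target.config)
    if action == "update":
        target.config.update(payload or {})
        return dict(target.config)
    if action == "delete":
        target.config.clear()
        return {}
    raise ValueError(f"unknown action {action!r}")


def handle_insecure(user, action, target, payload=None):
    """Weak handler: being logged in is the only gate (CWE-284 pattern).
    Any low-privileged but authenticated caller can modify any target."""
    if not user.authenticated:
        raise Forbidden("not authenticated")
    return _apply(action, target, payload)


def handle_secure(user, action, target, payload=None):
    """Hardened handler: authenticate, then authorize against POLICY.
    Unknown actions and unlisted roles are refused (deny by default)."""
    if not user.authenticated:
        raise Forbidden("not authenticated")
    allowed = POLICY.get(action)
    if allowed is None or user.role not in allowed:
        raise Forbidden(f"role {user.role!r} may not {action!r}")
    return _apply(action, target, payload)


def demo():
    """Run both handlers as a low-privileged viewer and report the outcome."""
    low = User("low-priv", role="viewer")
    target = Target("db01", config={"monitoring": "on"})
    results = {}
    # Weak handler: a viewer silently rewrites the target's configuration.
    results["insecure_update"] = handle_insecure(
        low, "update", target, {"log_level": "debug"})
    # Hardened handler: the same request is refused.
    try:
        handle_secure(low, "update", target, {"log_level": "trace"})
        results["secure_update"] = "allowed"
    except Forbidden:
        results["secure_update"] = "denied"
    # Read access is still permitted to the viewer role.
    results["secure_view"] = handle_secure(low, "view", target)
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the contrast is that the fix is not a bigger login check but a separate authorization step keyed on the action being requested; the `_apply` helper is identical in both paths, so the only difference between "full takeover by a low-privileged user" and "request refused" is the policy lookup.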

How is this vulnerability triggered?

The vulnerability is triggered when an attacker with existing low-level network access sends a specifically crafted HTTP request to the Target Management component. It is important to note that this does not require high-level administrative credentials to initiate; however, the attack must be able to communicate with the service over the network to interact with the vulnerable component.

Is my system at risk according to Halo Surface Signal?

Halo Surface Signal notes that while Oracle Enterprise Manager is often kept on internal networks, it frequently functions as a centralized gateway for administrative tasks. Because it is designed to be accessible via HTTP, systems that are reachable over the network are considered a higher priority for evaluation, as they present a potential surface for external or lateral access.

What steps should I take if I use this software?

Begin by inventorying your environment to locate all instances of Oracle Enterprise Manager Base Platform. Once identified, evaluate the network accessibility and business criticality of each instance. Finally, coordinate with your infrastructure and application teams to determine the appropriate maintenance window to apply security updates provided by the vendor.
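The remediation procedure described in the Operational Fix section and in this answer (inventory every instance, weigh reachability and business criticality, assign an owner, schedule the vendor update) can be turned into a repeatable triage step. The script below is an added example, not a Halo or Oracle tool; the inventory, hostnames, team names and scoring weights are constructed, and treating the two versions listed for the product on this page as the affected set is an assumption to confirm against the vendor advisory.

```python
"""Triage helper for the remediation steps above (added example, not a Halo or
Oracle tool). It ranks a constructed inventory of Enterprise Manager instances
by affected version, network reachability and business criticality, so the
accountable owner can plan the maintenance window first where risk is highest.
"""

# Versions listed for the product on this page. Treating them as the affected
# set is an assumption of this example; confirm against the vendor advisory.
AFFECTED_VERSIONS = {"13.5.0.0", "24.1.0.0.0"}

# Constructed weights. Reachability dominates because the issue needs only
# network access and low privileges; an unknown value is scored as worst case.
REACHABILITY_WEIGHT = {"internet": 3, "internal": 2, "isolated": 1}
CRITICALITY_WEIGHT = {"high": 3, "medium": 2, "low": 1}


def is_affected(version, affected=AFFECTED_VERSIONS):
    """Exact-match check; a patched build should report a different version."""
    return version in affected


def risk_score(instance):
    """0 for builds outside the affected set, otherwise reachability x criticality
    (1..9). Missing or unrecognised values default to the highest weight."""
    if not is_affected(instance["version"]):
        return 0
    reach = REACHABILITY_WEIGHT.get(instance.get("reachability"), 3)
    crit = CRITICALITY_WEIGHT.get(instance.get("criticality"), 3)
    return reach * crit


def triage(inventory):
    """Return affected instances sorted by descending risk score, each with an
    action line naming the owner who should plan the update."""
    ranked = []
    for inst in inventory:
        score = risk_score(inst)
        if score == 0:
            continue
        ranked.append({
            "host": inst["host"],
            "score": score,
            "owner": inst["owner"],
            "action": (f"{inst['owner']}: schedule vendor update for "
                       f"{inst['host']} ({inst['version']})"),
        })
    ranked.sort(key=lambda r: (-r["score"], r["host"]))
    return ranked


# Constructed sample inventory: hostnames, versions other than the two listed
# above, and team names are placeholders.
SAMPLE_INVENTORY = [
    {"host": "oem-prod-01", "version": "24.1.0.0.0", "reachability": "internet",
     "criticality": "high", "owner": "infra-team"},
    {"host": "oem-lab-02", "version": "13.5.0.0", "reachability": "isolated",
     "criticality": "low", "owner": "app-team"},
    {"host": "oem-dr-03", "version": "13.5.0.0", "reachability": "internal",
     "criticality": "high", "owner": "infra-team"},
    {"host": "oem-test-04", "version": "13.5.0.0.99", "reachability": "internal",
     "criticality": "medium", "owner": "app-team"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(row["score"], row["action"])
```

In practice the inventory would come from your CMDB or asset scanner rather than a literal list; the scoring rule is deliberately simple so that it is easy to defend in a change-advisory discussion, and the worst-case default for missing fields means an instance nobody has classified rises to the top rather than disappearing from the list.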
