External risk intelligence

Oracle Enterprise Manager Base Platform Takeover Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.8)

CVE-2026-46857

A critical vulnerability in Oracle Enterprise Manager Base Platform allows unauthenticated network attackers to compromise the system, potentially leading to a complete takeover. This issue affects the confidentiality, integrity, and availability of the platform and its managed resources, making it a significant concern.

Oracle Enterprise Manager Base Platform

Affected versions: 13.5.0.0, 24.1.0.0.0

Halo Surface Signal: 4

Likely · external exposure

Oracle Enterprise Manager is a management platform typically deployed in a centralized, network-accessible manner to manage enterprise infrastructure. While it is often restricted to internal management networks, it is frequently configured with web interfaces that are reachable across network segments, making it a common target for network-based access in many enterprise deployments.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in Oracle Enterprise Manager Base Platform, a product used for managing enterprise infrastructure. This issue could allow an attacker to completely take over the platform, potentially impacting the availability and integrity of managed systems. The main concern is confirming relevance and exposure.

  • Unauthenticated attackers can fully control the management platform.
  • It manages critical enterprise infrastructure.
  • Confirm if this management platform is in use.

Attack Path

How an attacker could exploit the issue

An attacker could initiate a network-based attack against Oracle Enterprise Manager Base Platform by targeting its Oracle Management Service component. This vulnerability is easily exploitable and does not require any prior authentication. Successful exploitation allows an attacker to gain complete control over the affected platform.

  • No authentication required for attack.
  • Network access via HTTP is sufficient.
  • Full platform takeover is the risk.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated attacker with network access to compromise Oracle Enterprise Manager Base Platform, potentially leading to a full takeover of the system. This could affect the confidentiality, integrity, and availability of the platform and any resources it manages.

  • Oracle Enterprise Manager Base Platform data.
  • Network access via HTTP.
  • Complete system takeover.

Operational Fix

Recommended remediation, mitigation, and detection steps

Given the critical nature of this vulnerability in Oracle Enterprise Manager Base Platform, ownership likely falls to the infrastructure or platform teams responsible for managing this central component, with potential coordination required from vendor management. The immediate priority is to identify all instances of the affected product, assess their network exposure, confirm business criticality, and then engage the accountable owner to plan remediation within a suitable maintenance window.

  • Confirm ownership and scope of affected systems.
  • Verify network exposure and business criticality.
  • Plan phased remediation or risk reduction.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-46857 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability in Oracle Enterprise Manager Base Platform allows an unauthenticated attacker to compromise the system, potentially leading to a full takeover. This type of severe authentication bypass and remote code execution is critical for PCI compliance.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.


Frequently asked questions

What is Oracle Enterprise Manager Base Platform?

Oracle Enterprise Manager Base Platform is a centralized software suite used by IT teams to monitor, manage, and automate enterprise-wide infrastructure. The Oracle Management Service component acts as the core engine for these operations, providing the web-based interfaces and services necessary to oversee complex data centers and managed resources from a single location.

How does CVE-2026-46857 work?

This vulnerability is classified as an improper access control issue (CWE-284). In plain terms, it means the software fails to properly verify who is trying to access its management functions. Because of this weakness, the system can be tricked into granting full administrative control to an unauthorized person, effectively bypassing the security gates designed to protect the platform's core operations.

Do I need to be logged in for this to be triggered?

No. The vulnerability does not require any prior authentication or special user privileges. An attacker only needs network-level access to the Oracle Management Service component over HTTP to attempt an exploit. Internal actions that do not involve HTTP-based network communication with this component are outside the primary scope of this bug.

Is my system at risk if it is not on the public internet?

According to Halo Surface Signal, this software is often deployed in centralized, network-accessible configurations. Even if your installation is not directly on the public internet, it may be reachable across internal network segments used by other parts of the enterprise. You should assess if the management interface is accessible from any network zone that an attacker could reach.

What is the first step if I run this software?

Identify all active instances of the affected versions, specifically 13.5 and 24.1. Once located, verify the network accessibility of these platforms and determine their business criticality. Engage your infrastructure or platform teams immediately to confirm ownership and coordinate a plan for remediation, ensuring the security of these central management systems is restored promptly.
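As an added illustration of the inventory-and-exposure triage described here and in the Operational Fix section (example code, not Halo's or Oracle's tooling), the Python below flags the release trains the advisory names (13.5 and 24.1) and ranks hits by how widely the OMS console is reachable over HTTP. The inventory records, hostnames and zone names are constructed placeholders, and since this page does not state which patch level closes the issue, a host on an affected train should be confirmed against Oracle's advisory before it is cleared.

```python
from dataclasses import dataclass

AFFECTED_TRAINS = {(13, 5), (24, 1)}   # release trains named in the advisory
EXPOSURE_RANK = {"external": 0, "cross-segment": 1, "isolated": 2}
CRITICALITY_RANK = {"high": 0, "medium": 1, "low": 2}

@dataclass
class OemInstance:
    host: str                        # hypothetical inventory record
    version: str                     # e.g. "13.5.0.0" or "24.1.0.0.0"
    zone: str                        # network zone the OMS host sits in
    http_reachable_from: frozenset   # zones that reach its console over HTTP
    criticality: str = "medium"

def parse_train(version: str):
    # (major, minor) or None. Integer parsing avoids treating "13.50" or
    # "113.5" as the 13.5 train, which a plain substring match would do.
    parts = version.split(".")
    if len(parts) < 2:
        return None
    try:
        return int(parts[0]), int(parts[1])
    except ValueError:
        return None

def is_affected(version: str) -> bool:
    return parse_train(version) in AFFECTED_TRAINS

def exposure_level(inst: OemInstance) -> str:
    # Which zones beyond the host's own can reach the console over HTTP.
    others = set(inst.http_reachable_from) - {inst.zone}
    if "internet" in others:
        return "external"
    return "cross-segment" if others else "isolated"

def triage(instances):
    # Affected instances only, widest exposure first, then by criticality.
    hits = [i for i in instances if is_affected(i.version)]
    return sorted(hits, key=lambda i: (EXPOSURE_RANK[exposure_level(i)],
                                       CRITICALITY_RANK[i.criticality], i.host))

def sample_inventory():
    # Constructed records; hosts and zones are placeholders.
    return [
        OemInstance("oms-a", "13.5.0.0", "mgmt", frozenset({"mgmt"}), "high"),
        OemInstance("oms-b", "24.1.0.0.0", "mgmt", frozenset({"mgmt", "corp"}), "low"),
        OemInstance("oms-c", "13.5.0.0", "dmz", frozenset({"dmz", "internet"})),
        OemInstance("oms-d", "13.50.0.0", "mgmt", frozenset({"mgmt"}), "high"),
    ]
```

Running `triage(sample_inventory())` returns oms-c, then oms-b, then oms-a; oms-d is on the 13.50 train and is not flagged.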
