External risk intelligence

Oracle Enterprise Manager Base Platform Install Vulnerability Allows Data Modification and Denial of Service.

CVE advisory

Severity: CRITICAL (CVSS 9.0)

CVE-2026-46872

A vulnerability exists in Oracle Enterprise Manager Base Platform's installation component, allowing a high-privilege attacker with network access to compromise the platform. This could lead to unauthorized data modification or deletion, unauthorized data reading, or denial of service by causing the platform to crash.

Oracle Enterprise Manager Base Platform

13.5.0.0, 24.1.0.0.0

Halo Surface Signal

Unlikely · external exposure

Oracle Enterprise Manager is typically deployed in internal management or administrative environments to oversee enterprise infrastructure. While it utilizes HTTPS and is network-reachable, it is generally positioned behind firewalls and not intended for direct public internet exposure.

Horizon Alert

Summary of the vulnerability and why it matters

A vulnerability has been identified in Oracle Enterprise Manager Base Platform, potentially impacting supported versions. This issue could allow a highly privileged attacker with network access to gain unauthorized control, leading to data modification or denial of service. While the vulnerability is within the Base Platform, it may affect other connected products. The main concern is confirming relevance and exposure within your environment.

  • The issue allows an attacker to gain unauthorized access.
  • Leadership should note that it affects critical systems.
  • Confirm if Oracle Enterprise Manager is in use.

Attack Path

How an attacker could exploit the issue

An attacker with high privileges and network access could exploit a vulnerability in the Oracle Enterprise Manager Base Platform's installation component. This would allow them to compromise the platform via HTTPS, potentially impacting other connected products. Successful exploitation could lead to unauthorized data modification or deletion, unauthorized data reading, or denial of service by crashing the platform.

  • Requires high privileges and network access.
  • Exploited via the installation component.
  • Risk of data compromise and denial of service.

Live Threat

Current exploitation, exposure, and threat context

A highly privileged attacker with network access could exploit this vulnerability to gain unauthorized access to critical data within Oracle Enterprise Manager Base Platform, potentially leading to data modification or deletion. The impact may extend to other products managed by the platform, and the attacker could also cause the platform to crash or become unavailable.

  • Critical platform data could be affected.
  • Exploitation may occur via network access.
  • System unavailability or data compromise.

Operational Fix

Recommended remediation, mitigation, and detection steps

Real-World Ownership

Given that Oracle Enterprise Manager Base Platform is a critical component for managing enterprise infrastructure, responsibility for addressing this vulnerability likely falls to a combination of application owners and infrastructure or platform teams. The initial and most crucial step is to accurately identify all instances of the affected Oracle Enterprise Manager Base Platform within your environment. Once located, determine its reachability, assess its business criticality, and confirm the accountable owner before planning a coordinated remediation effort based on the identified risk.

  • Owned by: Application and infrastructure teams.
  • Verify first: Affected instances and business criticality.
  • Action: Plan risk-based remediation.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-46872 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability in Oracle Enterprise Manager Base Platform allows a highly privileged attacker to modify critical data, leading to a PCI scan failure. The exploit impacts confidentiality, integrity, and availability.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Frequently asked questions

What is Oracle Enterprise Manager Base Platform?

Oracle Enterprise Manager Base Platform is a centralized management software used by organizations to monitor, manage, and automate their enterprise IT infrastructure, including databases, applications, and hardware. The 'Install' component, specifically mentioned in this advisory, is part of the foundational framework responsible for deploying and configuring these management capabilities across an environment.

What does CVE-2026-46872 mean in plain English?

This CVE describes a critical security weakness within the installation component of the Oracle platform. It allows an attacker who already possesses high-level administrative credentials and network access to manipulate the system remotely over HTTPS. This can result in unauthorized changes to sensitive data, unintended access to platform information, or the ability to crash the system, causing a complete denial of service.

How is this vulnerability triggered?

To trigger this vulnerability, an attacker must have existing high-level administrative privileges and reach the platform via a network connection using HTTPS. The flaw resides specifically within the installation component; therefore, actions that do not involve interacting with this specific component or using administrative credentials to send malicious network requests will not trigger this vulnerability.

Do I need to worry if my system is internal?

According to Halo Surface Signal, this software is typically deployed in internal administrative environments behind firewalls and is not intended for public internet exposure. While the platform is network-reachable, its internal placement reduces the likelihood of external attacks. However, because the vulnerability allows high-impact actions, it remains relevant for internal security governance and access control monitoring.

How should I respond to this threat?

Your first step is to perform asset discovery to identify every instance of Oracle Enterprise Manager Base Platform running in your environment. Once identified, confirm which instances are running the affected versions (13.5 or 24.1). After assessing your inventory, work with your infrastructure and application teams to evaluate the business criticality of these systems and coordinate a prioritized remediation plan.
