External risk intelligence

Oracle Enterprise Manager Deployment Library Takeover Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.1)

CVE-2026-46875

A critical vulnerability exists in Oracle Enterprise Manager Base Platform's Deployment Library component. An attacker with high privileges and network access via HTTPS could exploit this to take over the platform, potentially affecting other connected products. This could impact confidentiality, integrity, and availab

Oracle Enterprise Manager Base Platform

13.5.0.0, 24.1.0.0.0

Halo Surface Signal

Unlikely · external exposure

2Halo Surface Signal

Oracle Enterprise Manager is typically deployed within internal data center networks to manage enterprise infrastructure. While it is network-accessible via HTTPS, it is generally protected by internal network controls and is not intended to be exposed directly to the public internet in common deployments.

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability has been identified in Oracle Enterprise Manager Base Platform, potentially impacting multiple integrated products. This issue is easily exploitable by a high-privileged attacker with network access, and successful exploitation could lead to a complete takeover of the platform. The main concern is to confirm whether our specific configurations are relevant and exposed.

  • Grants attackers full control of the platform.
  • Critical for maintaining platform integrity and operations.
  • Confirm relevance and assess exposure to prevent compromise.

Attack Path

How an attacker could exploit the issue

An attacker with high privileges and network access can exploit this vulnerability by reaching the Deployment Library component of Oracle Enterprise Manager Base Platform via HTTPS. Successful exploitation could lead to a complete takeover of the platform, potentially impacting other connected products.

  • Requires high-privilege network access.
  • Exploited via the Deployment Library component.
  • Allows platform takeover and scope change.

Live Threat

Current exploitation, exposure, and threat context

A highly privileged attacker with network access could compromise the Oracle Enterprise Manager Base Platform. Successful exploitation may lead to a takeover of the platform, potentially impacting additional products managed by it due to the vulnerability's scope.

  • Enterprise Manager Base Platform system.
  • Network access via HTTPS.
  • Complete system takeover is possible.

Operational Fix

Recommended remediation, mitigation, and detection steps

This critical vulnerability in Oracle Enterprise Manager Base Platform, easily exploitable by a highly privileged attacker via HTTPS, requires immediate attention from the Oracle Enterprise Manager administration and security operations teams. The first step is to identify all deployed instances and confirm their reachability and business criticality, then work with the accountable owner to plan remediation during the next maintenance window.

  • Enterprise Manager administrators to own remediation.
  • Verify instance reachability and criticality.
  • Plan maintenance window for patching.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-46875 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This critical vulnerability in Oracle Enterprise Manager Base Platform allows a high-privileged attacker with network access to take over the platform. This affects PCI data if the platform is used in a cardholder data environment.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.


Frequently asked questions

What is Oracle Enterprise Manager Base Platform?

It is a central administrative suite used by IT teams to monitor, manage, and automate enterprise infrastructure, databases, and middleware. The Deployment Library component, where this issue resides, specifically handles the management and distribution of software packages, plugins, and patches across an organization's managed environment.

What does CVE-2026-46875 mean for system security?

This vulnerability represents a significant security weakness that allows a high-privileged user to gain unauthorized, full control over the platform. Because it involves a scope change, a successful compromise of this core management tool can potentially extend to other integrated products and systems that the platform manages, effectively breaking the chain of trust.

How is this vulnerability triggered?

An attacker must have high-level administrative credentials and network access to the Deployment Library component via HTTPS to initiate an attack. Simple, low-privileged, or unauthenticated network requests do not trigger this vulnerability; it requires existing authorized access to the system to exploit the underlying flaw.

Is my Oracle instance at risk?

Halo Surface Signal indicates that while these instances are network-accessible, they are typically hosted within internal data center networks rather than directly on the public internet. If your deployment follows standard practices and is shielded by internal network controls, the likelihood of an external attacker reaching the vulnerable component is significantly reduced.

What should I do if I run this software?

Begin by inventorying all instances of Oracle Enterprise Manager Base Platform within your environment to determine which are running versions 13.5 or 24.1. Once identified, evaluate the business criticality of those systems and coordinate with your administration team to schedule and apply the necessary vendor updates during a planned maintenance window.
