CVE-2026-22011 — Vulnetix

CVE-2026-22011 PUBLISHED CVSS 7.599999904632568 HIGH

Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: ADPatch). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications DBA, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Applications DBA. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).

Risk Scores

CVSS v3.1

7.599999904632568

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Oracle Corporation	Oracle Applications DBA	12.2.3
oracle	applications_dba	12.2.3

Timeline

Apr 21, 2026 CVE Published
Apr 22, 2026 Security Advisory
Apr 22, 2026 CVE Updated

References

Oracle Advisory vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-22011 advisory

Open in Interactive Console →