CVE-2026-22014 — Vulnetix

CVE-2026-22014 PUBLISHED CVSS 3.799999952316284 LOW

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow and Business Events). Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle User Management accessible data as well as unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).

Risk Scores

CVSS v3.1

3.799999952316284

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
oracle	user_management	12.2.7
Oracle Corporation	Oracle User Management	12.2.7

Timeline

Apr 21, 2026 CVE Published
Apr 22, 2026 Security Advisory
Apr 22, 2026 CVE Updated

References

Oracle Advisory vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-22014 advisory

Open in Interactive Console →