VDB
CVE-2026-22014
CVE-2026-22014
PUBLISHED
CVSS 3.799999952316284 LOW
Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Workflow and Business Events). Supported versions that are affected are 12.2.7-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle User Management accessible data as well as unauthorized read access to a subset of Oracle User Management accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
EPSS 0.03% · 9.5th percentile
Risk Scores
CVSS 3.1
3.799999952316284
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
EPSS Score
0.03%
9.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| oracle | user_management | 12.2.7 |
| Oracle Corporation | Oracle User Management | 12.2.7 |
Exploit Intelligence
- Oracle Advisory (circl)
- vulnerability.ts (github-poc)
- vulnerability.ts (github-poc)
- vulnerability.ts (github-poc)
- vulnerability.ts (github-poc)
- seed-data.ts (github-poc)
- seed-data.ts (github-poc)
- seed-data.ts (github-poc)
- seed-data.ts (github-poc)
Timeline
- Apr 21, 2026 CVE Published
- Apr 22, 2026 Security Advisory
- Apr 22, 2026 CVE Updated
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score
References
- Oracle Advisory vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-22014 advisory