CWE-284— Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.— MITRE CWE catalog
4,712 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-284page 89 of 95
- CVE-2026-46844CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged …
- CVE-2026-46847CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Runtime Tools). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attac…
- CVE-2026-46848HIGHCVSS 7.9EG 7.92026-06-17
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon…
- CVE-2026-46849HIGHCVSS 8.1EG 8.12026-06-17
Vulnerability in the PeopleSoft Enterprise CS Student Financials product of Oracle PeopleSoft (component: Other). The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows low privileged attacker with netw…
- CVE-2026-46854CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privile…
- CVE-2026-46855CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privilege…
- CVE-2026-46857CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows una…
- CVE-2026-46858CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the APM - Application Performance Management product of Oracle Enterprise Manager (component: JADM, JVM Diagnostics). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauth…
- CVE-2026-46860CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General). Supported versions that are affected are 9.0.0-9.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…
- CVE-2026-46861CRITICALCVSS 9.6EG 9.62026-06-17
Vulnerability in the MySQL NDB Cluster product of Oracle MySQL (component: Cluster: NDB Operator). Supported versions that are affected are 8.0.11-8.0.46, 8.4.0-8.4.9 and 9.0.0-9.7.0. Easily exploitable vulnerability allows low privi…
- CVE-2026-46864HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Agent Next Gen). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged…
- CVE-2026-46865HIGHCVSS 8.2EG 8.22026-06-17
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high …
- CVE-2026-46868HIGHCVSS 7.2EG 7.22026-06-17
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high …
- CVE-2026-46870HIGHCVSS 8.5EG 8.52026-06-17
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code). The supported version that is affected is 2026.2.0+9.6.1. Difficult to exploit vulnerability allows low privileged attacker with network access via …
- CVE-2026-46871MEDIUMCVSS 6.5EG 6.52026-06-17
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code). The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via mu…
- CVE-2026-46872CRITICALCVSS 9.0EG 9.02026-06-17
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Install). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attac…
- CVE-2026-46875CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Deployment Library). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privi…
- CVE-2026-46878CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthent…
- CVE-2026-46880CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthent…
- CVE-2026-46881CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthent…
- CVE-2026-46882CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthent…
- CVE-2026-46883CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthent…
- CVE-2026-46884CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via…
- CVE-2026-46886HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with network access via …
- CVE-2026-46887CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via…
- CVE-2026-46888HIGHCVSS 7.8EG 7.82026-06-17
Vulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Database Upgrade). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the i…
- CVE-2026-46889CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via…
- CVE-2026-46890CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via…
- CVE-2026-46891HIGHCVSS 8.1EG 8.12026-06-17
Vulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards (component: Accounts Payable). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker wit…
- CVE-2026-46892CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the JD Edwards EnterpriseOne Human Resources Management product of Oracle JD Edwards (component: Human Resources). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated at…
- CVE-2026-46895CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows low privileged attacker w…
- CVE-2026-46896CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows high privileged attacker …
- CVE-2026-46897CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows low privileged attacker w…
- CVE-2026-46898HIGHCVSS 8.1EG 8.12026-06-17
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows unauthenticated attacker …
- CVE-2026-46899CRITICALCVSS 9.6EG 9.62026-06-17
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows low privileged attacker w…
- CVE-2026-46900CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows low privileged attacker w…
- CVE-2026-46901CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows low privileged attacker w…
- CVE-2026-46902CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnerability allows unauthenticated attacker …
- CVE-2026-46904CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthent…
- CVE-2026-46906CRITICALCVSS 9.6EG 9.62026-06-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows low privi…
- CVE-2026-46907CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the JD Edwards EnterpriseOne Order Promising product of Oracle JD Edwards (component: Order Promising Integration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged at…
- CVE-2026-46908CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards (component: Accounts Payable). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker wit…
- CVE-2026-46909CRITICALCVSS 9.8EG 9.82026-06-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthent…
- CVE-2026-46910CRITICALCVSS 9.1EG 9.12026-06-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthent…
- CVE-2026-46911CRITICALCVSS 9.6EG 9.62026-06-17
Vulnerability in the JD Edwards EnterpriseOne Project Costing product of Oracle JD Edwards (component: Job Costing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with netw…
- CVE-2026-46912CRITICALCVSS 9.3EG 9.32026-06-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attacke…
- CVE-2026-46913CRITICALCVSS 9.3EG 9.32026-06-17
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Installation Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows unauthenticated attack…
- CVE-2026-46915HIGHCVSS 8.5EG 8.52026-06-17
Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite (component: Production). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privil…
- CVE-2026-46916HIGHCVSS 8.8EG 8.82026-06-17
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allo…
- CVE-2026-46918CRITICALCVSS 9.9EG 9.92026-06-17
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows lo…
Map vulnerabilities like CWE-284 to your infrastructure
EchelonGraph correlates every CVE — across CWE-284 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →