CVE-2026-34274

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Configurator versions 12.2.3 through 12.2.15

Description An issue in the User Interface component of the Oracle Configurator product allows an unauthenticated attacker with network access via HTTP to compromise the system. The attack requires human interaction and can lead to unauthorized read, update, insert, or delete access to certain accessible data. While the flaw resides in Oracle Configurator, successful exploitation may significantly impact additional products due to a scope change.

Recommendations For versions 12.2.3 through 12.2.15, at the moment, there is no information about a newer version that contains a fix for this vulnerability.