PT-2026-34103 · Oracle · Oracle Enterprise Manager Base Platform+1

Published

2026-04-21

Updated

2026-04-26

CVE-2026-34279

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform versions 13.5 Oracle Enterprise Manager Base Platform version 24.1

Description An issue exists in the Event Management component of the Oracle Enterprise Manager Base Platform. A high privileged attacker with network access via HTTP can exploit this flaw to compromise the platform, potentially leading to a full takeover. The impact may extend beyond the base platform to affect additional products due to a scope change.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2026-34279

Affected Products

Oracle Enterprise Manager Base Platform

Enterprise Manager Base Platform

PT-2026-34103 · Oracle · Oracle Enterprise Manager Base Platform+1

CVE-2026-34279

Weakness Enumeration

Related Identifiers

Affected Products

References · 3