{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34279", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "state": "PUBLISHED", "assignerShortName": "oracle", "dateReserved": "2026-03-26T19:48:45.675Z", "datePublished": "2026-04-21T20:35:20.053Z", "dateUpdated": "2026-04-22T03:56:23.474Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2026-04-21T20:35:20.053Z"}, "problemTypes": [{"descriptions": [{"lang": "en-US", "description": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform."}]}], "affected": [{"vendor": "Oracle Corporation", "product": "Oracle Enterprise Manager Base Platform", "versions": [{"version": "13.5", "status": "affected", "versionType": "semver"}, {"version": "24.1", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5:*:*:*:*:*:*:*"}, {"vulnerable": true, "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:24.1:*:*:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en-US", "value": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."}], "references": [{"url": "https://www.oracle.com/security-alerts/cpuapr2026.html", "name": "Oracle Advisory", "tags": ["vendor-advisory"]}], "metrics": [{"cvssV3_1": {"attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL"}}]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-34279"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-22T03:56:23.474Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."}], "id": "CVE-2026-34279", "lastModified": "2026-04-21T21:16:32.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "secalert_us@oracle.com", "type": "Primary"}]}, "published": "2026-04-21T21:16:32.180", "references": [{"source": "secalert_us@oracle.com", "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "13.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "24.1"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Oracle Enterprise Manager Base Platform", "source": "cna", "vendor": "Oracle Corporation"}, "product": "enterprise_manager_base_platform", "vendor": "oracle"}], "analysis": {"en": {"generated_at": "2026-04-22T05:05:30.664742+00:00", "value": {"mitigation_remediation": ["Apply the latest Oracle Enterprise Manager Base Platform patch or upgrade to a non\u2011affected version.", "Restrict HTTP access to the Event Management component by configuring firewalls or network segmentation to limit who can reach the vulnerable interfaces.", "Disable or remove the Event Management feature if it is not required for your environment to eliminate the attack surface."], "summary": {"action": "Patch", "impact": "Remote Platform Compromise"}, "threat_synthesis": {"affected_systems": "Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 are affected.", "description_and_impact": "An easily exploitable flaw in the Event Management component of Oracle Enterprise Manager Base Platform allows an attacker who already possesses high privileges and can reach the system over a network to take over the platform. The vulnerability can lead to the compromise of confidentiality, integrity, and availability of the affected system.", "risk_and_exploitability": "The CVSS base score of 9.1 indicates a very high severity. The exploit vector is network-based HTTP access, although the attacker must already hold high privileges. No EPSS score is available, and the vulnerability is not listed in CISA\u2019s KEV catalog, but the high score and known impact suggest it is likely to be targeted by sophisticated threat actors."}}}}, "created": "2026-04-22T02:45:05.856432+00:00", "title": "Event Management Remote Platform Compromise in Oracle Enterprise Manager Base Platform (13.5/24.1)", "updated": "2026-04-22T05:15:06.065824+00:00", "vendors": ["oracle", "oracle$PRODUCT$enterprise_manager_base_platform"], "weaknesses": ["CWE-284"]}