E-Business Suite vulnerabilities: known CVEs & security history
Oracle · Actively exploited · 339 tracked CVEs · 1 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all E-Business Suite release lines — 339 in total, with 1 actively exploited in the wild. A CVE here doesn't mean your version is affected — check E-Business Suite's current status and the safe version to run.
Known E-Business Suite CVEs
Actively-exploited and most-severe first. Showing the top 80 of 339. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2022-21587⚡ exploited | critical | 9.8 | 98% | 2022 |
| CVE-2026-46817 | critical | 9.8 | 0% | 2026 |
| CVE-2025-30727 | critical | 9.8 | 0% | 2025 |
| CVE-2004-1363 | critical | 9.8 | 9% | 2004 |
| CVE-2026-46819 | critical | 9.1 | 0% | 2026 |
| CVE-2019-2489 | critical | 9.1 | 2% | 2019 |
| CVE-2019-2453 | critical | 9.1 | 2% | 2019 |
| CVE-2018-2656 | critical | 9.1 | 2% | 2018 |
| CVE-2015-4839 | high | 10 | 4% | 2015 |
| CVE-2015-4798 | high | 10 | 4% | 2015 |
| CVE-2008-1826 | high | 10 | 2% | 2008 |
| CVE-2008-0340 | high | 10 | 3% | 2008 |
| CVE-2008-0343 | high | 10 | 3% | 2008 |
| CVE-2008-0344 | high | 10 | 3% | 2008 |
| CVE-2008-0345 | high | 10 | 3% | 2008 |
| CVE-2008-0346 | high | 10 | 3% | 2008 |
| CVE-2008-0347 | high | 10 | 3% | 2008 |
| CVE-2008-0348 | high | 10 | 3% | 2008 |
| CVE-2008-0349 | high | 10 | 3% | 2008 |
| CVE-2007-5528 | high | 10 | 2% | 2007 |
| CVE-2007-2126 | high | 10 | 2% | 2007 |
| CVE-2007-2127 | high | 10 | 2% | 2007 |
| CVE-2006-5348 | high | 10 | 2% | 2006 |
| CVE-2006-5354 | high | 10 | 2% | 2006 |
| CVE-2006-5355 | high | 10 | 2% | 2006 |
| CVE-2006-5359 | high | 10 | 3% | 2006 |
| CVE-2006-5365 | high | 10 | 2% | 2006 |
| CVE-2006-5368 | high | 10 | 2% | 2006 |
| CVE-2006-5369 | high | 10 | 3% | 2006 |
| CVE-2006-5370 | high | 10 | 3% | 2006 |
| CVE-2006-3716 | high | 10 | 4% | 2006 |
| CVE-2006-3717 | high | 10 | 4% | 2006 |
| CVE-2006-1880 | high | 10 | 4% | 2006 |
| CVE-2006-1881 | high | 10 | 3% | 2006 |
| CVE-2006-1882 | high | 10 | 6% | 2006 |
| CVE-2006-1883 | high | 10 | 3% | 2006 |
| CVE-2006-1884 | high | 10 | 4% | 2006 |
| CVE-2006-0277 | high | 10 | 4% | 2006 |
| CVE-2006-0278 | high | 10 | 4% | 2006 |
| CVE-2006-0279 | high | 10 | 4% | 2006 |
| CVE-2006-0284 | high | 10 | 5% | 2006 |
| CVE-2006-0288 | high | 10 | 7% | 2006 |
| CVE-2006-0289 | high | 10 | 11% | 2006 |
| CVE-2006-0290 | high | 10 | 5% | 2006 |
| CVE-2006-0291 | high | 10 | 5% | 2006 |
| CVE-2005-3455 | high | 10 | 4% | 2005 |
| CVE-2005-3456 | high | 10 | 2% | 2005 |
| CVE-2005-3457 | high | 10 | 4% | 2005 |
| CVE-2005-3458 | high | 10 | 2% | 2005 |
| CVE-2005-3459 | high | 10 | 4% | 2005 |
| CVE-2004-0543 | high | 10 | 7% | 2004 |
| CVE-2004-0385 | high | 10 | 16% | 2004 |
| CVE-2007-2170 | high | 9.4 | 4% | 2007 |
| CVE-2007-2128 | high | 9 | 3% | 2007 |
| CVE-2007-2130 | high | 9 | 3% | 2007 |
| CVE-2006-5367 | high | 9 | 3% | 2006 |
| CVE-2006-5371 | high | 9 | 3% | 2006 |
| CVE-2006-5372 | high | 9 | 3% | 2006 |
| CVE-2006-5373 | high | 9 | 3% | 2006 |
| CVE-2004-1371 | high | 9 | 11% | 2004 |
| CVE-2026-46837 | high | 8.8 | 0% | 2026 |
| CVE-2026-46827 | high | 8.8 | 0% | 2026 |
| CVE-2026-46826 | high | 8.8 | 0% | 2026 |
| CVE-2004-1364 | high | 8.5 | 14% | 2004 |
| CVE-2019-2551 | high | 8.2 | 1% | 2019 |
| CVE-2019-2498 | high | 8.2 | 2% | 2019 |
| CVE-2019-2497 | high | 8.2 | 2% | 2019 |
| CVE-2019-2470 | high | 8.2 | 2% | 2019 |
| CVE-2019-2440 | high | 8.2 | 2% | 2019 |
| CVE-2019-2400 | high | 8.2 | 2% | 2019 |
| CVE-2026-46828 | high | 8.1 | 0% | 2026 |
| CVE-2025-21516 | high | 8.1 | 1% | 2025 |
| CVE-2025-21506 | high | 8.1 | 1% | 2025 |
| CVE-2024-21282 | high | 8.1 | 0% | 2024 |
| CVE-2024-21279 | high | 8.1 | 0% | 2024 |
| CVE-2024-21278 | high | 8.1 | 0% | 2024 |
| CVE-2024-21277 | high | 8.1 | 0% | 2024 |
| CVE-2024-21276 | high | 8.1 | 0% | 2024 |
| CVE-2024-21275 | high | 8.1 | 0% | 2024 |
| CVE-2024-21271 | high | 8.1 | 0% | 2024 |
259 older / lower-severity CVEs not shown — see E-Business Suite's full record.
Is my E-Business Suite version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your E-Business Suite version → · Monitor E-Business Suite for new CVEs →
E-Business Suite vulnerabilities — frequently asked
How many known vulnerabilities does E-Business Suite have?
IsItPatched tracks 339 CVEs for E-Business Suite, 1 of which is actively exploited (CISA KEV). 8 are critical-severity and 105 high-severity. These span every release line — what matters is whether the version you run is affected.
Does E-Business Suite have any actively-exploited vulnerabilities?
Yes — 1 E-Business Suite CVE is in CISA's Known Exploited Vulnerabilities catalog, meaning it is confirmed exploited in the wild (1 linked to ransomware). Patch it as a priority.
What is the most severe E-Business Suite vulnerability?
Among tracked issues, CVE-2022-21587 (CRITICAL, CVSS 9.8), which is actively exploited, ranks highest — a Missing authentication weakness.
Is E-Business Suite safe to use?
It depends on the version. The latest supported E-Business Suite release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: E-Business Suite security status · E-Business Suite end-of-life · actively-exploited CVEs. Always verify against Oracle's advisories — see our disclaimer.