Impact
The flaw resides in the Java Business Objects component of Oracle Application Development Framework (ADF) and can be exploited only by an attacker who already has high‑privileged access to the host machine where ADF runs. Successful exploitation grants the attacker unauthorized access to critical data or, in the worst case, all data that ADF can reach. The impact is limited to confidentiality and does not affect integrity or availability.
Affected Systems
Oracle ADF versions 12.2.1.4.0 and 14.1.2.0 of Oracle Fusion Middleware are affected. Any deployment that hosts ADF and allows local high‑privilege users is potentially vulnerable.
Risk and Exploitability
The CVSS base score of 4.1 reflects a moderate risk primarily because the attack requires local high‑privileged access. The EPSS score of less than 1% indicates a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, environments that host ADF should treat the flaw as a privilege‑escalation risk if local system access is compromised.
OpenCVE Enrichment