Impact
Easily exploitable input validation weakness (CWE‑79) in the Metadata Plugin of Oracle Enterprise Manager Base Platform allows an unauthenticated attacker with network access over HTTP to compromise the platform. The vulnerability requires human interaction from another individual, as stated in the CVE description. Successful exploitation can result in full takeover of the platform, compromising confidentiality, integrity and availability.
Affected Systems
This affects Oracle Enterprise Manager Base Platform versions 13.5 and 24.1. The issue is confined to the Metadata Plugin component but can impact other integrated products due to the change of scope.
Risk and Exploitability
The CVSS 3.1 base score of 9.6 indicates a critical severity, while an EPSS score below 1% suggests a low probability of exploitation under current conditions. The vulnerability is not listed in CISA’s KEV catalog, and successful attacks require human interaction from another individual, as stated in the CVE description. Nonetheless, the potential impact of complete platform compromise warrants immediate attention.
OpenCVE Enrichment