Impact
A vulnerability in the Extensibility Framework component of Oracle Enterprise Manager Base Platform allows an attacker with high privileges and network access via HTTPS to compromise the platform. Successful exploitation can result in a full takeover of the platform, providing the attacker with unrestricted control over the system and all data managed by the platform. The weakness impacts confidentiality, integrity, and availability, as reflected in the CVSS vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.
Affected Systems
Oracle Corporation’s Oracle Enterprise Manager Base Platform, specifically versions 13.5 and 24.1, are affected by this vulnerability.
Risk and Exploitability
The CVSS base score of 7.2 indicates a high severity, and the EPSS score of less than 1% suggests that, at present, the likelihood of exploitation is low. However, because the vulnerability is remotely exploitable over HTTPS and not listed in the CISA KEV catalog, organizations should treat it with caution and seek remediation promptly. Attackers with high privileges could leverage the flaw to gain complete control of the platform, leading to catastrophic data loss or service disruption.
OpenCVE Enrichment