Impact
The vulnerability is in the Deployment Library component of Oracle Enterprise Manager Base Platform and permits an attacker with high privileges and network access over HTTPS to compromise the platform. The impact is a total loss of confidentiality, integrity, and availability, because the vulnerability is classified as a complete compromise of the system. The CVSS score of 9.1 indicates critical severity, and the vector identifies a network attack, which makes remote data exfiltration or modification a plausible scenario.
Affected Systems
Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 are affected. The product is used in many enterprise environments for monitoring, deployment, and management of cloud and on‑premises assets, and the vulnerability can potentially extend to other Oracle products that rely on the interfacing component.
Risk and Exploitability
The EPSS score of less than 1% reflects a very small but non‑zero likelihood that the vulnerability is being actively exploited, and the vulnerability is not yet listed in CISA KEV. Based on the CVSS vector (network access, low complexity, high privileges required, no user interaction, and scope change), the attacker must already hold a high‑privileged credential on the target system, or obtain one through other means, and then use the exposed HTTPS interface to execute the exploit. Successful exploitation can lead to full platform takeover.
OpenCVE Enrichment