Impact
The vulnerability allows a low‑privileged attacker with network access over HTTP to create, delete or the framework can see. These actions can compromise confidentiality and integrity of the business information handled by Oracle Enterprise Command Center Framework. This flaw corresponds to Improper Access Control (CWE-284) and Missing Authorization (CWE-269), underpinning the unauthorized data modifications.
Affected Systems
Oracle Enterprise Command Center Framework versions 15 and 16 are affected. These versions are part of Oracle E‑Business Suite and form the Core component of the framework.
Risk and Exploitability
The CVSS v3.1 score is 9.6, indicating a high severity flaw with Confidentiality and Integrity impacts. The EPSS score is less than 1%, signifying a very low but non‑zero probability of exploitation at the time of analysis. The vulnerability is not yet listed in the CISA KEV catalogue. The attack vector is inferred to be network based, accessed via HTTP, and requires only local privileges on the network. Successful exploitation can lead to broad changes to critical data and potentially expose all framework‑accessible information.
OpenCVE Enrichment