Impact
The Oracle Enterprise Command Center Framework contains a flaw that can be easily exploited by an attacker who has low privileges and can reach the system over HTTPS. When successfully leveraged, the vulnerability devastates confidentiality, integrity and availability, allowing an attacker to take full control of the framework. The CVSS vector indicates no user interaction is required and the attack can be performed remotely with minimal effort.
Affected Systems
Oracle Corporation’s Oracle Enterprise Command Center Framework, specifically versions 15 and 16, are affected. The vulnerability resides in the Core component of Oracle E‑Business Suite.
Risk and Exploitability
Based on the description, the attack vector is a low‑privileged attacker sending an HTTPS request to Oracle Enterprise Command Center Framework. The CVSS base score of 9.9 indicates critical impacts to confidentiality, integrity and availability. The EPSS score of less than 1% suggests a low but not negligible exploitation probability, and the vulnerability is not listed in CISA’s KEV catalog. The attacker requires only minimal effort and no user interaction to succeed.
OpenCVE Enrichment