Impact
A vulnerability in the Internal Operations component of Oracle Receivables allows an unauthenticated attacker with network access to the SOAP interface to compromise the application. Successful exploitation can lead to full control of Oracle Receivables, causing significant confidentiality, integrity, and availability damage as reflected in the CVSS 3.1 base score of 8.1. The detailed description does not state the exact weakness type but indicates that authentication and access controls are insufficient.
Affected Systems
Oracle Corporation’s Oracle Receivables component of Oracle E‑Business Suite is affected. The vulnerability applies to product releases from version 12.2.3 through 12.2.15.
Risk and Exploitability
The CVSS score of 8.1 marks this issue as high severity, while the EPSS score of less than 1 % indicates that exploitation is considered unlikely at present. The vulnerability is not listed in CISA’s KEV catalog. A remote attacker does not need authentication and can attack over the SOAP service accessible on the network, which provides a broad attack surface for adversaries seeking full system control.
OpenCVE Enrichment