Impact
The vulnerability in Oracle In‑Memory Cost Management for Discrete Industries allows an unauthenticated network attacker with HTTPS access to create, modify, or delete critical data. A successful exploitation compromises confidentiality and integrity, granting the attacker full access to all data stored in the component, which can potentially disrupt business operations and compromise sensitive information.
Affected Systems
Affected systems include Oracle Corporation's Oracle In‑Memory Cost Management for Discrete Industries component of Oracle E‑Business Suite, specifically versions 12.2.12 through 12.2.15. Any environment running these releases is at risk.
Risk and Exploitability
The CVSS 3.1 base score of 9.1 reflects a high impact with no authentication required and no user interaction. The EPSS score is less than 1%, indicating a very low probability of exploitation, and the vulnerability is not listed in CISA KEV, suggesting it has not yet been widely compromised. The likely attack vector is a network-based HTTPS session, requiring no special privileges beyond standard protocol traffic, making it easily exploitable for any attacker with network reach to the system.
OpenCVE Enrichment