Impact
This vulnerability enables an attacker with high privileges who has network connectivity to the Oracle Cost Management web interface to compromise the system. The flaw is exploitable over HTTP and can lead to full control of the Cost Management service, impacting confidentiality, integrity, and availability. The weakness is associated with improper privileged access controls.
Affected Systems
Oracle Cost Management component of Oracle E‑Business Suite, versions 12.2.3 through 12.2.15, are vulnerable. The affected application runs within the Cost Planning module.
Risk and Exploitability
The CVSS score of 7.2 indicates a high impact if exploited, while an EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. The attack vector is inferred to be remote over HTTP; the attacker requires high privileges but may use publicly accessible endpoints within the enterprise network.
OpenCVE Enrichment