Impact
Oracle Process Manufacturing Process Planning is vulnerable to a low‑privileged network attack that can be carried out via HTTP. An attacker who can reach the component over the network can exploit this flaw to achieve full compromise of the system, resulting in loss of confidentiality, integrity and availability. The vulnerability is scored highly with a CVSS 3.1 base score of 8.8, indicating a severe risk profile.
Affected Systems
The affected product is Oracle Process Manufacturing Process Planning from Oracle E‑Business Suite. The vulnerability covers supported releases 12.2.3 through 12.2.15.
Risk and Exploitability
The EPSS score is less than 1% and the vulnerability is not listed in the CISA KEV catalog, yet the high CVSS rating shows it is a serious flaw. The exploit requires only network connectivity to the component over HTTP and low privileges; no additional pre‑conditions are described, implying it is an easy attack vector that can be executed by an external actor with a low‑privileged account.
OpenCVE Enrichment