Impact
The Internal Operations component of Oracle Advanced Outbound Telephony contains an easily exploitable flaw that allows an attacker with low privileges and network access via HTTP to compromise the entire application. Successful exploitation results in full takeover, allowing attackers to read confidential data, modify or delete information, and disrupt services. The flaw directly affects the confidentiality, integrity, and availability of the system.
Affected Systems
The flaw affects Oracle Corporation's Advanced Outbound Telephony within Oracle E‑Business Suite in versions 12.2.3 through 12.2.15. Deployments of these versions are vulnerable, as the flaw resides in the core Internal Operations component.
Risk and Exploitability
The CVSS v3.1 Base Score of 8.8 indicates a high‑severity risk, and the vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) shows that an attacker can exploit the vulnerability remotely over HTTP with limited privileges and no user interaction. The EPSS score of < 1% suggests that widespread exploitation is currently unlikely, but the high impact and clear exploitation path warrant immediate attention. The vulnerability is not listed in CISA’s KEV catalog, but the potential for full compromise makes it a top priority for remediation.