Impact
Oracle Quality, part of the Internal Operations component of Oracle E‑Business Suite, contains a vulnerability that allows an attacker with a low level of privileges and network access over HTTP to fully compromise the system. The weakness stems from poor privilege management, flawed authentication, and missing authentication/authorization controls, corresponding to CWE‑269, CWE‑287, and CWE‑306. Successful exploitation results in a complete takeover of the Oracle Quality application, exposing the database to unauthorized read, update, and delete operations while affecting confidentiality, integrity, and availability.
Affected Systems
The affected product is Oracle Quality, with vulnerable versions ranging from 12.2.3 through 12.2.15. All installations of these releases are potentially impacted unless custom security hardening or network restrictions are applied. No other Oracle E‑Business Suite components are listed as affected.
Risk and Exploitability
The CVSS v3.1 base score of 8.8 highlights high severity. The vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates that an attacker can operate remotely, only requires low privilege, and does not need user interaction. The EPSS score of <1% suggests that exploits are rare, and the vulnerability is not listed in the CISA KEV catalog. Nevertheless, because a successful attack leads to full application takeover, the overall risk demands prompt mitigation.
OpenCVE Enrichment