Impact
The Oracle Quality component of Oracle E‑Business Suite contains a weakness that permits a low‑privileged user with network access to the HTTP interface to obtain full control of the system. The flaw is a privilege escalation issue (CWE‑269) compounded by insufficient authentication, authorization and session management (CWE‑287 and CWE‑306), allowing the attacker to bypass security. Successful exploitation can compromise confidentiality, integrity and availability, resulting in a complete takeover of Oracle Quality.
Affected Systems
Affected versions range from 12.2.3 through 12.2.15 of Oracle Quality. The product resides within the Internal Operations component of Oracle E‑Business Suite and is deployed by organizations that manage Oracle Quality processes.
Risk and Exploitability
The CVSS 8.8 vector indicates a high‑severity, network‑based attack that requires low effort and low‑privileged attacker. The EPSS score of less than 1% suggests exploitation is currently unlikely, but the vulnerability is not listed in the CISA KEV catalog. Because the flaw is remotely exploitable over HTTP without local privileges, any machine hosting Oracle Quality that is reachable from outside the trusted network faces a serious risk of compromise.
OpenCVE Enrichment