Impact
Oracle HRMS (UK) Payroll within Oracle E‑Business Suite contains a flaw that can be easily exploited by an attacker who already has high‑level access and can reach the system over HTTP. The vulnerability is a broken access control that permits the attacker to compromise the application, resulting in full takeover of HRMS (UK) and loss of confidentiality, integrity and availability.
Affected Systems
Affected products are Oracle Corp’s Oracle HRMS (UK) Payroll component of Oracle E‑Business Suite. Versions 12.2.3 through 12.2.15 are vulnerable.
Risk and Exploitability
The CVSS 3.1 base score of 7.2 indicates significant impact if exploited. An EPSS score of less than 1% suggests the probability of real‑world exploitation is very low but not zero. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires network access over HTTP and an attacker with high privileges; a successful attack would lead to takeover of the HRMS (UK) services.
OpenCVE Enrichment