Impact
A flaw in Oracle Property Manager allows an attacker who already possesses high‑privilege credentials and network access via HTTP to take complete control of the application. The vulnerability can be exploited with low effort, and successfully compromising the system results in the loss of confidentiality, integrity, and availability of the application and the data it manages. The weakness is indexed by the well‑known CWE classes for privilege enforcement issues.
Affected Systems
Oracle Property Manager from Oracle Corporation is affected. All supported versions from 12.2.3 to 12.2.15 are susceptible.
Risk and Exploitability
With a CVSS base score of 7.2, this flaw carries a substantial impact. The EPSS score of 0–1% indicates low overall exploitation probability, yet the attack is straightforward once the attacker has high‑privilege network access. The vulnerability is not listed in the CISA KEV catalog, so no public exploits are confirmed. Attackers would access the application over HTTP, leverage the privilege escalation flaw, and gain full control of the system.
OpenCVE Enrichment