Impact
The vulnerability in Oracle Subledger Accounting allows a low‑privileged attacker with HTTP network access to fully compromise the application. The flaw is an improper access control weakness that enables unauthorized users to perform privileged operations, resulting in loss of confidentiality, integrity, and availability of the accounting data.
Affected Systems
Oracle Subledger Accounting component of Oracle E‑Business Suite, versions 12.2.3 through 12.2.15, is affected. The issue resides in the Internal Operations component that is exposed over HTTP.
Risk and Exploitability
The CVSS base score of 7.5 indicates moderate‑to‑high severity, while the EPSS score of less than 1% suggests a low probability of exploitation presently. The vulnerability is not included in the CISA KEV catalog. The likely attack path involves a network‑level attacker sending carefully crafted HTTP requests to the exposed Internal Operations interface, exploiting the access‑control weakness to achieve a full takeover of the Subledger Accounting service.
OpenCVE Enrichment