Impact
The vulnerability in Oracle Project Portfolio Analysis allows a low privileged attacker with network access via HTTP to compromise the application, potentially resulting in full takeover and affecting confidentiality, integrity, and availability. The CVSS 3.1 score of 8.8 indicates high severity. The weakness appears to stem from improper access control or authorization, permitting lower privileged users to elevate privileges and control the system.
Affected Systems
Oracle Corporation’s Oracle Project Portfolio Analysis, versions 12.2.3 through 12.2.15 are affected. The product is part of the Oracle E‑Business Suite internal operations component.
Risk and Exploitability
The CVSS score of 8.8 demonstrates a serious impact, but the EPSS score of less than 1 % indicates that exploitation is currently rare. The vulnerability is not listed in CISA KEV. The likely attack vector is via network HTTP from a low privileged user, and success would give the attacker full control over the application.
OpenCVE Enrichment