Impact
A remote application flaw in Oracle Financials for EMEA, part of Oracle E‑Business Suite, enables an attacker with high privileged credentials and network access to the HTTP interface to compromise the system. When successfully exploited, the attacker can take full control, thereby compromising confidentiality, integrity, and availability. The CVSS 3.1 base score of 7.2 reflects the high severity of this risk.
Affected Systems
Oracle Corporation’s Oracle Financials for EMEA is affected, specifically the supported versions 12.2.3 through 12.2.15. Users running any of these releases are vulnerable unless updated or patched.
Risk and Exploitability
The vulnerability requires network access to the web interface and a high‑privileged attacker. The EPSS score of less than 1% indicates limited current exploitation activity, and the vulnerability is not listed in CISA’s KEV catalog. Successful exploitation results in a complete takeover of the application, impacting all data and operations. The likely attack vector is remote via the HTTP service.
OpenCVE Enrichment