Impact
Oracle HR Intelligence is vulnerable to a network-based flaw that allows an attacker with high-level privileges and HTTP access to take complete control of the system. Exploitation results in full takeover, exposing, altering, or destroying confidential HR data and disrupting operational availability. The weakness affects confidentiality, integrity, and availability and is classified under a CVSS base score of 7.2, indicating a high impact scenario.
Affected Systems
Oracle Corporation – Oracle HR Intelligence, affected versions 12.2.3 through 12.2.15.
Risk and Exploitability
The vulnerability is rated CVSS 3.1 with an accessibility score of 7.2 and an EPSS of less than 1 %. It is not listed in the CISA KEV catalog. Attackers need network connectivity via HTTP and privilege level H; the flaw entails improper access control that allows a high privileged user to override security checks and lock the application into an insecure state. The low EPSS suggests that, at present, exploitation is unlikely, but the high impact warrants immediate concern.
OpenCVE Enrichment