Impact
A flaw in Oracle Outsourced Mfg for Discrete Industries allows a low‑privileged attacker with network access via HTTP to compromise the system, potentially leading to a full takeover. The vulnerability results in complete loss of confidentiality, integrity and availability and is rated CVSS 3.1 base 8.8.
Affected Systems
Oracle E‑Business Suite product Oracle Outsourced Mfg for Discrete Industries, versions 12.2.3 through 12.2.15 are affected.
Risk and Exploitability
The vulnerability is remotely exploitable over the network using standard HTTP traffic. The EPSS score of less than 1% indicates a low but present exploitation probability, and the issue is not listed in CISA’s KEV catalog. Given the high CVSS score and the low‑privilege requirement, an attacker could quickly transition to full system compromise if no mitigations are in place.
OpenCVE Enrichment