Impact
The flaw allows an attacker with low privileges and network access through HTTP to take complete control of Oracle Outsourced Mfg for Discrete Industries. An attacker who exploits this vulnerability could compromise all aspects of confidentiality, integrity, and availability. The CVSS vector indicates that the risk is high across all categories.
Affected Systems
This vulnerability affects Oracle Corporation’s Outsourced Mfg for Discrete Industries component of Oracle E‑Business Suite. All supported releases from version 12.2.3 through 12.2.15 are vulnerable, and any deployment that exposes the internal operations interface over HTTP remains at risk.
Risk and Exploitability
With a CVSS base score of 8.8 and an EPSS score of less than 1 %, the likelihood of exploitation in the wild is low, but the severity is high. The vulnerability is not listed in the CISA KEV catalog; however, an attacker who can reach the product via the standard HTTP port could easily exploit the flaw without elevated credentials, providing a straightforward path to takeover.
OpenCVE Enrichment