Impact
An attacker with network access can reach the Oracle Public Sector Payroll service via HTTP and exploit an easily exploitable vulnerability that allows the attacker to gain high privileged control, effectively taking over the payroll application. The vulnerability can compromise confidentiality, integrity, and availability of payroll data and processes, as indicated by a CVSS 3.1 base score of 7.2.
Affected Systems
The vulnerability affects Oracle Public Sector Payroll, component Internal Operations, on versions 12.2.3 through 12.2.15 of the Oracle E-Business Suite.
Risk and Exploitability
The EPSS score of less than 1% suggests that exploitation is currently unlikely but possible. The vulnerability is not listed in CISA's KEV, yet the high impact and the requirement of a high‑privileged attacker with network access via HTTP make it a moderate to high risk for systems exposed to the network. An attacker would need to be already high privileged within the network with connectivity to the HTTP service to attempt exploitation, making the attack vector relatively simple.
OpenCVE Enrichment