Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
OEM is reachable over HTTPS (AV:N), exploitation is low-complexity (AC:L), a low-privileged account is required (PR:L), no user interaction is needed, and takeover plus scope change yields S:C with full CIA impact.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Privileged takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible through the Discovery Framework component, where a low-privileged authenticated attacker with HTTPS access can fully compromise the platform and impact adjacent products via a scope change. The flaw carries a CVSS 3.1 score of 9.9 with full confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must hold valid credentials for any low-privileged Oracle Enterprise Manager account (PR:L) and have HTTPS network reachability to the OEM Base Platform console exposing the Discovery Framework component on versions 13.5 or 24.1. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is high. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with any low-privileged OEM account - for example, a compromised monitoring user or service credential - authenticates to the OEM console over HTTPS and submits a crafted request to the Discovery Framework component. The flaw allows the attacker to escalate to full platform takeover and, via the scope change (S:C), pivot operations into other Oracle products managed by OEM such as databases or middleware targets. … |
| Remediation | Apply the patches delivered in the Oracle June 2026 Critical Patch Update (cspujun2026) for Oracle Enterprise Manager Base Platform 13.5 and 24.1 as documented at https://www.oracle.com/security-alerts/cspujun2026.html - patch available per vendor advisory, with exact bundle patch numbers to be obtained from the CPU matrix and My Oracle Support. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify all instances of Enterprise Manager 13.5 and 24.1 in production; restrict HTTPS access to Enterprise Manager via firewall rules to whitelisted administrative IP ranges only; review and disable unnecessary low-privilege service accounts with platform access. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Full takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible by a low-privileged remote attacker v
Privileged takeover of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 is possible through the Metadata P
Privilege escalation and full takeover in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Target Management compo
Remote code execution in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allows unauthenticated network a
Remote takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible when an unauthenticated attacker ov
Cross-scope takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 allows unauthenticated remote attackers to
Privileged takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible via the Deployment Library comp
Privileged remote tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Install component) allows an authe
Authenticated takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible via the Agent Next Gen compo
Remote denial-of-service and data tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 allows unauthentica
Privileged local compromise in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Extensibility Framework component)
Full takeover of Oracle Enterprise Manager Base Platform (versions 13.5 and 24.1) is possible by an authenticated, high-
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37335