Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
OEM management interface is network-reachable over HTTPS (AV:N/AC:L), exploitation requires an OEM super-admin (PR:H), no user interaction, and Deployment Library abuse crosses into managed products (S:C) with full C/I/A.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Deployment Library). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Privileged takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible via the Deployment Library component, where a high-privileged attacker with HTTPS network access can fully compromise the platform and pivot into other managed Oracle products through a scope change. No public exploit identified at time of analysis, but the CVSS 3.1 score of 9.1 reflects severe confidentiality, integrity, and availability impact across multiple downstream systems. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires high-privileged authenticated access to Oracle Enterprise Manager Base Platform 13.5 or 24.1 (PR:H) and network reachability to the OEM HTTPS management interface (AV:N, AC:L), with no user interaction needed. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed: the CVSS 3.1 base score of 9.1 is critical largely because of S:C (scope change) and full C/I/A impact, but PR:H means the attacker must already hold high privileges on OEM - a substantial pre-condition that lowers realistic likelihood of opportunistic exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has phished or otherwise obtained an OEM administrator credential authenticates to the OMS over HTTPS and abuses the Deployment Library component to perform actions that escape the OEM trust boundary, taking over OEM itself and pivoting to push malicious artifacts or commands toward managed databases and middleware. Because S:C, the resulting impact extends beyond OEM into the broader Oracle estate it manages. … |
| Remediation | Apply the patches from the Oracle Critical Patch Update of June 2026 referenced at https://www.oracle.com/security-alerts/cspujun2026.html, which is the vendor-released fix for OEM Base Platform 13.5 and 24.1; exact patched build numbers are listed in the Oracle advisory matrix and should be matched to your OEM release. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Enterprise Manager Base Platform instances running versions 13.5 or 24.1 and restrict HTTPS administrative access to privileged networks. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Full takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible by a low-privileged remote attacker v
Privileged takeover of Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 is possible through the Metadata P
Privilege escalation and full takeover in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Target Management compo
Privileged takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible through the Discovery Framework
Remote code execution in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allows unauthenticated network a
Remote takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible when an unauthenticated attacker ov
Cross-scope takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 allows unauthenticated remote attackers to
Privileged remote tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Install component) allows an authe
Authenticated takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible via the Agent Next Gen compo
Remote denial-of-service and data tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 allows unauthentica
Privileged local compromise in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Extensibility Framework component)
Full takeover of Oracle Enterprise Manager Base Platform (versions 13.5 and 24.1) is possible by an authenticated, high-
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37368