Oracle Isupport
Monthly
Takeover of Oracle iSupport in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is achievable by an authenticated high-privileged attacker over HTTP, with scope-changed impact extending to additional EBS components. The CVSS 3.1 base score of 9.1 reflects full confidentiality, integrity, and availability loss beyond the vulnerable component itself. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Privileged remote takeover of Oracle iSupport (Oracle E-Business Suite, Internal Operations component) affects versions 12.2.3 through 12.2.15, where an authenticated high-privilege attacker with HTTP access can fully compromise the application with scope change into adjacent E-Business Suite components. The CVSS 9.1 score reflects the cross-component blast radius rather than ease of access, since PR:H means the attacker must already hold elevated privileges. No public exploit identified at time of analysis and the issue is not listed on CISA KEV.
Full takeover of Oracle iSupport (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is achievable by an authenticated high-privileged attacker over HTTP, with a scope change that lets the attack significantly impact additional products beyond iSupport itself. The flaw carries a CVSS 3.1 base score of 9.1 with confidentiality, integrity, and availability all rated High, and no public exploit identified at time of analysis. The vendor (Oracle) is the sole reporting source via the June 2026 Critical Patch Update advisory.
Takeover of Oracle iSupport in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is achievable by an authenticated high-privileged attacker over HTTP, with scope-changed impact extending to additional EBS components. The CVSS 3.1 base score of 9.1 reflects full confidentiality, integrity, and availability loss beyond the vulnerable component itself. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Privileged remote takeover of Oracle iSupport (Oracle E-Business Suite, Internal Operations component) affects versions 12.2.3 through 12.2.15, where an authenticated high-privilege attacker with HTTP access can fully compromise the application with scope change into adjacent E-Business Suite components. The CVSS 9.1 score reflects the cross-component blast radius rather than ease of access, since PR:H means the attacker must already hold elevated privileges. No public exploit identified at time of analysis and the issue is not listed on CISA KEV.
Full takeover of Oracle iSupport (component: Internal Operations) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is achievable by an authenticated high-privileged attacker over HTTP, with a scope change that lets the attack significantly impact additional products beyond iSupport itself. The flaw carries a CVSS 3.1 base score of 9.1 with confidentiality, integrity, and availability all rated High, and no public exploit identified at time of analysis. The vendor (Oracle) is the sole reporting source via the June 2026 Critical Patch Update advisory.