Oracle Process Manufacturing Product Development
Monthly
Account takeover in Oracle E-Business Suite's Process Manufacturing Product Development component (versions 12.2.3 through 12.2.15) allows a low-privileged remote attacker to fully compromise the module via HTTP and pivot into other Oracle products through a CVSS scope change. Oracle rates the issue 9.9/10 and describes it as easily exploitable; no public exploit identified at time of analysis and the CVE is not on the CISA KEV list.
Account takeover of Oracle Process Manufacturing Product Development (versions 12.2.3-12.2.15) is achievable by a low-privileged remote attacker over HTTP via the Quality Management Specs component. The flaw scores CVSS 8.8 with full confidentiality, integrity, and availability impact, and Oracle classifies it as easily exploitable; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Account takeover in Oracle E-Business Suite's Process Manufacturing Product Development component (versions 12.2.3 through 12.2.15) allows a low-privileged remote attacker to fully compromise the module via HTTP and pivot into other Oracle products through a CVSS scope change. Oracle rates the issue 9.9/10 and describes it as easily exploitable; no public exploit identified at time of analysis and the CVE is not on the CISA KEV list.
Account takeover of Oracle Process Manufacturing Product Development (versions 12.2.3-12.2.15) is achievable by a low-privileged remote attacker over HTTP via the Quality Management Specs component. The flaw scores CVSS 8.8 with full confidentiality, integrity, and availability impact, and Oracle classifies it as easily exploitable; no public exploit identified at time of analysis and it is not listed in CISA KEV.