Oracle Project Portfolio Analysis
Monthly
Authenticated takeover of Oracle Project Portfolio Analysis (E-Business Suite versions 12.2.3 through 12.2.15) is possible over HTTP, allowing a low-privileged attacker to fully compromise the application's confidentiality, integrity, and availability. Oracle rates this as easily exploitable with a CVSS 3.1 base score of 8.8, though no public exploit identified at time of analysis. The flaw resides in the Internal Operations component and was disclosed in Oracle's June 2026 Critical Patch Update.
Account takeover in Oracle Project Portfolio Analysis (E-Business Suite component Internal Operations) versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker to fully compromise the module over HTTP. Oracle's June 2026 Critical Patch Update rates the issue 8.8 with high confidentiality, integrity, and availability impacts, and the CVSS vector flags it as easily exploitable; no public exploit identified at time of analysis and the issue is not on CISA KEV.
Full product takeover of Oracle Project Portfolio Analysis (E-Business Suite component Internal Operations) is possible by an authenticated high-privileged attacker over HTTP, affecting supported versions 12.2.3 through 12.2.15. The flaw yields complete confidentiality, integrity, and availability impact on the application. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Authenticated takeover of Oracle Project Portfolio Analysis (E-Business Suite versions 12.2.3 through 12.2.15) is possible over HTTP, allowing a low-privileged attacker to fully compromise the application's confidentiality, integrity, and availability. Oracle rates this as easily exploitable with a CVSS 3.1 base score of 8.8, though no public exploit identified at time of analysis. The flaw resides in the Internal Operations component and was disclosed in Oracle's June 2026 Critical Patch Update.
Account takeover in Oracle Project Portfolio Analysis (E-Business Suite component Internal Operations) versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker to fully compromise the module over HTTP. Oracle's June 2026 Critical Patch Update rates the issue 8.8 with high confidentiality, integrity, and availability impacts, and the CVSS vector flags it as easily exploitable; no public exploit identified at time of analysis and the issue is not on CISA KEV.
Full product takeover of Oracle Project Portfolio Analysis (E-Business Suite component Internal Operations) is possible by an authenticated high-privileged attacker over HTTP, affecting supported versions 12.2.3 through 12.2.15. The flaw yields complete confidentiality, integrity, and availability impact on the application. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.