Oracle Public Sector Financials International
Monthly
Unauthorized data access in Oracle Public Sector Financials (International), a module of Oracle E-Business Suite versions 12.2.6 through 12.2.15, allows low-privileged remote attackers to read sensitive data across module boundaries due to a flaw in the Authorization component. The scope-changed CVSS 7.7 vector indicates exploitation can affect resources beyond the vulnerable component itself, expanding the blast radius to other EBS data. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Unauthorized data access in Oracle Public Sector Financials (International), a module of Oracle E-Business Suite versions 12.2.6 through 12.2.15, allows low-privileged remote attackers to read sensitive data across module boundaries due to a flaw in the Authorization component. The scope-changed CVSS 7.7 vector indicates exploitation can affect resources beyond the vulnerable component itself, expanding the blast radius to other EBS data. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.