Oracle Quality
Monthly
Account takeover in the Oracle Quality module of Oracle E-Business Suite 12.2.3 through 12.2.15 allows a low-privileged attacker with HTTP network access to fully compromise the Quality component, impacting confidentiality, integrity, and availability (CVSS 3.1 8.8). The flaw resides in the Internal Operations component and is rated easily exploitable by Oracle's own advisory, though no public exploit identified at time of analysis and the issue is not yet listed in CISA KEV.
Account takeover of the Oracle Quality module in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker to fully compromise the component over HTTP. Per the vendor's June 2026 Critical Patch Update advisory the issue is rated CVSS 8.8 with high impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Risk is elevated for internet- or intranet-exposed EBS deployments because exploitation is rated 'easily exploitable' and only requires a valid low-privilege session.
Account takeover in the Oracle Quality module of Oracle E-Business Suite 12.2.3 through 12.2.15 allows a low-privileged attacker with HTTP network access to fully compromise the Quality component, impacting confidentiality, integrity, and availability (CVSS 3.1 8.8). The flaw resides in the Internal Operations component and is rated easily exploitable by Oracle's own advisory, though no public exploit identified at time of analysis and the issue is not yet listed in CISA KEV.
Account takeover of the Oracle Quality module in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker to fully compromise the component over HTTP. Per the vendor's June 2026 Critical Patch Update advisory the issue is rated CVSS 8.8 with high impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Risk is elevated for internet- or intranet-exposed EBS deployments because exploitation is rated 'easily exploitable' and only requires a valid low-privilege session.