Primary

Context

Oracle E-Business Suite iAssets Internal Operations Vulnerability Allowing Takeover

Vulnerability

Patched

A vulnerability exists in the Oracle iAssets product of Oracle E-Business Suite, specifically within the Internal Operations component. This vulnerability affects versions 12.2.3 through 12.2.15. It allows a low-privileged attacker with network access via HTTP to compromise Oracle iAssets. While the vulnerability is contained within Oracle iAssets, successful exploitation could significantly impact additional products, leading to a scope change. Exploitation of this vulnerability could result in a complete takeover of Oracle iAssets.

Impact

Exploitation of this vulnerability can lead to a complete takeover of Oracle iAssets.

Remediation

Users are advised to apply the May 2026 Critical Security Patch Update for Oracle E-Business Suite. For specific patching instructions, refer to the Oracle E-Business Suite Release 12 Critical Security Patch Update Knowledge Document (May 2026), available as My Oracle Support Note KA923.

Added: May 28, 2026, 9:50 PM

Updated: May 28, 2026, 9:50 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

9.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

9.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle E-Business Suite iAssets Internal Operations Vulnerability Allowing Takeover

Vulnerability

Impact

Remediation

Affected Products

Oracle iAssets

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating