This vulnerability affects Oracle Enterprise Manager Base Platform (Target Management component) versions 13.5 and 24.1. It is easily exploitable by an attacker with low privileges and network access over HTTP, allowing compromise and takeover of the platform. The vulnerability has a CVSS 3.1 score of 9.9, indicating critical impact on confidentiality, integrity, and availability. The scope of impact extends beyond the base platform to other Oracle products. Oracle's June 2026 Critical Security Patch Update advisory includes this vulnerability among 245 fixes and strongly urges customers to apply patches promptly. Until patches are applied, Oracle recommends reducing attack surface by blocking required network protocols and limiting user privileges where possible.

Successful exploitation results in complete compromise of Oracle Enterprise Manager Base Platform, affecting confidentiality, integrity, and availability. The vulnerability can lead to full platform takeover and may impact additional Oracle products due to scope change. This represents a critical risk to affected environments.

Oracle strongly recommends applying the June 2026 Critical Security Patch Update immediately to remediate this vulnerability. Until patches are applied, risk can be reduced by blocking network protocols required for exploitation (e.g., HTTP) and removing unnecessary privileges or access to vulnerable components from users. These mitigations may affect application functionality. Oracle manages no cloud service remediation for this product. Patch status is not explicitly stated in the advisory, but the CSPU contains the relevant fixes. Customers should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for detailed patch availability and installation instructions.