This vulnerability in Oracle Cost Management (component: Cost Planning) affects version 12.2.3. It allows an attacker with high privileges and network access over HTTP to compromise the system, potentially resulting in complete takeover. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) reflects network attack vector, low attack complexity, required high privileges, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. Oracle's June 2026 Critical Security Patch Update addresses this and many other vulnerabilities. The vendor strongly recommends applying the patches without delay. No explicit patch version or fix details are provided in the input, but the advisory URL is given for patch availability information.

An attacker with high privileges and network access via HTTP can exploit this vulnerability to fully compromise Oracle Cost Management, impacting confidentiality, integrity, and availability of the system. This could lead to unauthorized data access, modification, or disruption of service within Oracle Cost Management.

Oracle's June 2026 Critical Security Patch Update includes fixes for this vulnerability. Customers should apply the relevant security patches as soon as possible to remediate the issue. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation and by restricting privileges to only necessary users. Oracle strongly recommends staying on actively supported versions and promptly applying security patches. Patch status is not explicitly confirmed in the input; users should consult the Oracle advisory at https://www.oracle.com/security-alerts/cspujun2026.html for current patch availability and installation instructions.