This vulnerability affects Oracle iSupplier Portal component of Oracle E-Business Suite, specifically version 12.2.3. It allows a low privileged attacker with network access via HTTP to compromise the portal, potentially resulting in full takeover. The CVSS 3.1 base score is 7.5, indicating high severity with impacts on confidentiality, integrity, and availability. The vulnerability is described as difficult to exploit. Oracle's June 2026 Critical Security Patch Update advisory references this vulnerability among 245 security patches but does not explicitly state a fixed version for iSupplier Portal. Oracle strongly advises customers to apply the June 2026 Critical Security Patch Update to address this and other vulnerabilities.

Successful exploitation can lead to complete compromise of Oracle iSupplier Portal, impacting confidentiality, integrity, and availability of the system. This could allow an attacker to take over the portal with low privileges and network access via HTTP. The vulnerability is rated high severity with a CVSS 3.1 score of 7.5.

Oracle recommends applying the June 2026 Critical Security Patch Update as soon as possible to remediate this vulnerability. Until patches are applied, risk may be reduced by blocking network protocols required for exploitation and by removing unnecessary privileges from users. Oracle strongly advises staying on actively supported versions and promptly applying security patches to prevent exploitation. Patch status is not explicitly confirmed for a specific fixed version in the advisory; therefore, check the Oracle Critical Security Patch Update advisory at https://www.oracle.com/security-alerts/cspujun2026.html for the latest remediation guidance.