Critical vulnerability in Oracle iAssets component of Oracle E-Business Suite affecting versions 12.2.3-12.2.15. The easily exploitable flaw allows low privileged attackers with network access via HTTP to completely compromise Oracle iAssets. Successful exploitation can result in full system takeover with high impact to confidentiality, integrity, and availability. The vulnerability has scope change potential, meaning attacks may significantly impact additional products beyond Oracle iAssets. CVSS 3.1 Base Score of 9.9 indicates critical severity.