Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are af…

Critical vulnerability in Oracle Advanced Inbound Telephony component of Oracle E-Business Suite affecting versions 12.2.3-12.2.15. The vulnerability allows unauthenticated attackers with network access via HTTP to completely compromise the telephony system. The flaw is easily exploitable and requires no privileges or user interaction. Successful exploitation can result in complete takeover of Oracle Advanced Inbound Telephony with high impact to confidentiality, integrity, and availability. CVSS 3.1 Base Score is 9.8, indicating critical severity. The vulnerability is present in the Setup and Administration component.