CVE-2026-46854
Oracle · Enterprise Manager
A critical vulnerability in the Target Management component of Oracle Enterprise Manager allows low-privileged attackers to achieve complete platform takeover via HTTP.
Executive summary
A critical vulnerability in Oracle Enterprise Manager Base Platform (versions 13.5 and 24.1) allows low-privileged attackers to achieve full system takeover.
Vulnerability
This is an easily exploitable vulnerability in the Target Management component that allows a low-privileged, authenticated attacker with network access via HTTP to compromise the base platform. Because the CVSS scope is changed (the vulnerable component is not the only one affected), successful exploitation may also impact products that integrate with Enterprise Manager.
Business impact
The CVSS score of 9.9 highlights the extreme severity of this flaw. A successful exploit grants an attacker full control over the Enterprise Manager platform, leading to unauthorized data access, potential exfiltration, and administrative compromise. Given the platform's role in managing infrastructure, this could result in widespread system downtime and severe reputational damage.
Remediation
Immediate Action: Apply the June 2026 Critical Security Patch Update provided by Oracle; this is the only fix for the vulnerability itself.
Proactive Monitoring: Review system and application logs for unusual HTTP traffic patterns or unauthorized attempts to access target management functions.
Compensating Controls: Implement strict network segmentation to limit access to the Enterprise Manager interface and deploy WAF rules to filter suspicious HTTP requests.
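As an added example of the monitoring step above (not code from the advisory or from Oracle), the script below parses Common Log Format access-log lines for the Enterprise Manager console and raises two kinds of alert: a console request arriving from outside the allowlisted management subnets, and a user issuing a burst of requests to target-management paths. The advisory names no endpoints, so the console prefix, the target-management path prefixes, the subnets and the log lines are all constructed placeholders to be replaced with values from your own deployment.

```python
"""Added example: flag Enterprise Manager HTTP requests that come from outside
the management network or that hit target-management paths unusually often.
Sample log lines and path prefixes are constructed placeholders, not
indicators taken from the advisory."""
import ipaddress
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Assumption: the EM console is served under /em/ (adjust for your deployment).
CONSOLE_PREFIX = "/em/"
# Placeholder prefixes for target-management functions: the advisory does not
# name endpoints, so substitute the paths your instance actually exposes.
TARGET_MGMT_PREFIXES = ("/em/PLACEHOLDER-target-mgmt/",)
# Management subnets allowed to reach the console (example values only).
MGMT_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/24")]
BURST_THRESHOLD = 3  # target-mgmt requests from one user before alerting

# Constructed sample log (not real traffic): one admin on the management net,
# one low-privileged user on a non-management address, plus noise lines.
SAMPLE_LOG = """\
10.20.0.15 - sysman [01/Jun/2026:10:01:02 +0000] "GET /em/console-home HTTP/1.1" 200 5120
10.20.0.15 - sysman [01/Jun/2026:10:01:09 +0000] "POST /em/PLACEHOLDER-target-mgmt/add HTTP/1.1" 200 318
192.0.2.44 - lowpriv [01/Jun/2026:10:02:11 +0000] "POST /em/PLACEHOLDER-target-mgmt/add HTTP/1.1" 200 318
192.0.2.44 - lowpriv [01/Jun/2026:10:02:12 +0000] "POST /em/PLACEHOLDER-target-mgmt/add HTTP/1.1" 500 0
192.0.2.44 - lowpriv [01/Jun/2026:10:02:13 +0000] "POST /em/PLACEHOLDER-target-mgmt/add HTTP/1.1" 200 318
198.51.100.7 - - [01/Jun/2026:10:03:00 +0000] "GET /healthz HTTP/1.1" 200 2
this line is not in Common Log Format and is skipped
"""


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_allowed_source(ip_str, allowlist=MGMT_ALLOWLIST):
    """True if the client address falls inside one of the management subnets."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False  # unparseable host field: treat as not allowed
    return any(ip in net for net in allowlist)


def analyze(log_text, allowlist=MGMT_ALLOWLIST, prefixes=TARGET_MGMT_PREFIXES,
            burst=BURST_THRESHOLD):
    """Scan log lines and return a list of alert dicts."""
    alerts = []
    per_user = Counter()
    prefixes = tuple(prefixes)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(CONSOLE_PREFIX):
            continue  # only console traffic is of interest here
        if not is_allowed_source(rec["ip"], allowlist):
            alerts.append({"rule": "console-from-outside-mgmt-net",
                           "ip": rec["ip"], "user": rec["user"],
                           "path": rec["path"], "status": rec["status"]})
        if rec["path"].startswith(prefixes):
            per_user[rec["user"]] += 1
            if per_user[rec["user"]] == burst:  # alert once per user
                alerts.append({"rule": "target-mgmt-burst",
                               "user": rec["user"], "ip": rec["ip"],
                               "count": burst})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

The segmentation rule is the one to act on first: any console request from outside the management subnets should already be blocked at the network layer, so a hit here means either a gap in segmentation or a misconfigured allowlist. The burst rule is a coarse heuristic for the "unauthorized attempts to access target management functions" the advisory mentions; tune the threshold to your own baseline rather than keeping the example value.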
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability presents a severe risk to organizational infrastructure. Security teams should prioritize patching affected Oracle Enterprise Manager instances during the current maintenance cycle to prevent unauthorized platform takeover and potential lateral movement.