CVE-2026-46897
Oracle · Enterprise Command
A critical vulnerability in the Core component of Oracle Enterprise Command Center Framework allows low-privileged attackers to perform unauthorized data modifications and denial of service.
Executive summary
A critical vulnerability in the Oracle Enterprise Command Center Framework (versions V15 and V16) allows low-privileged attackers to manipulate or delete critical data and trigger a denial of service.
Vulnerability
This vulnerability in the Core component allows a low-privileged attacker with network access via HTTP to perform unauthorized creation, deletion, or modification of critical data. It also allows for partial denial of service (DoS) attacks.
Business impact
The CVSS score of 9.9 underscores the high risk of this vulnerability. Beyond the potential for unauthorized data access and integrity loss, the ability for an attacker to initiate a partial DoS could severely disrupt business operations and the availability of critical command center functions.
Remediation
Immediate Action: Apply the June 2026 Critical Security Patch Update to all affected V15 and V16 instances without delay.
Proactive Monitoring: Monitor system logs for unauthorized data modification events and unusual traffic spikes consistent with a partial DoS attack.
Compensating Controls: Use WAF rules to block suspicious HTTP requests that attempt to manipulate framework data or exhaust system resources.
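The "Proactive Monitoring" item above names two signals but not how to extract them. The following is an added example, not part of the advisory and not Oracle's tooling, showing one way to pull both signals out of HTTP access logs: state-changing requests (POST/PUT/PATCH/DELETE) against the framework, and per-client request-rate spikes that would be consistent with a partial DoS. The Common Log Format, the `/ecc/` path prefix, the window size and the threshold are all assumptions; the log lines are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed: Common Log Format. Real Enterprise Command Center logs may differ;
# adjust LOG_RE to the format actually in use.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample data: a few ordinary requests, two writes by a low-privileged
# account, one write outside the framework path, and a burst from a single client.
SAMPLE_LINES = [
    '203.0.113.5 - admin [01/Jun/2026:10:00:00 +0000] "GET /ecc/ui/dashboard HTTP/1.1" 200 5120',
    '203.0.113.9 - guest [01/Jun/2026:10:00:05 +0000] "DELETE /ecc/api/datasets/42 HTTP/1.1" 200 17',
    '203.0.113.9 - guest [01/Jun/2026:10:00:07 +0000] "PUT /ecc/api/config HTTP/1.1" 200 61',
    '203.0.113.5 - admin [01/Jun/2026:10:00:09 +0000] "POST /other/app HTTP/1.1" 200 10',
] + [
    f'198.51.100.7 - - [01/Jun/2026:10:01:{i:02d} +0000] "GET /ecc/api/search?q={i} HTTP/1.1" 200 2048'
    for i in range(60)
]


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], TS_FMT)
    entry["status"] = int(entry["status"])
    return entry


def find_write_events(entries, path_prefix="/ecc/"):
    """Return requests that create, modify or delete data under the framework path.

    path_prefix is an assumption; point it at the framework's real URL space.
    Reviewing these against the expected set of privileged users is the
    'unauthorized data modification' check the advisory recommends.
    """
    return [e for e in entries
            if e["method"] in WRITE_METHODS and e["path"].startswith(path_prefix)]


def find_rate_spikes(entries, window_seconds=60, threshold=50):
    """Sliding-window request count per source IP.

    Returns {ip: peak_count} for every client that reached `threshold` requests
    inside any `window_seconds` span. Both numbers are assumed and should be
    tuned to the instance's normal traffic.
    """
    spikes = {}
    windows = defaultdict(deque)
    for e in sorted(entries, key=lambda x: x["ts"]):
        q = windows[e["ip"]]
        q.append(e["ts"])
        # Drop timestamps that have fallen out of the window.
        while (e["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            spikes[e["ip"]] = max(spikes.get(e["ip"], 0), len(q))
    return spikes


def analyze(lines):
    """Run both checks over raw log lines and return a summary dict."""
    entries = [e for e in (parse_line(l) for l in lines) if e]
    writes = find_write_events(entries)
    return {
        "parsed": len(entries),
        "write_events": [(w["ts"].isoformat(), w["ip"], w["user"], w["method"], w["path"])
                         for w in writes],
        "rate_spikes": find_rate_spikes(entries),
    }


if __name__ == "__main__":
    summary = analyze(SAMPLE_LINES)
    print(f"parsed {summary['parsed']} lines")
    for ev in summary["write_events"]:
        print("write:", ev)
    for ip, peak in summary["rate_spikes"].items():
        print(f"spike: {ip} peaked at {peak} requests/window")
```

In practice the write events would be joined against the identity system to confirm which accounts are actually permitted to change framework data, and the spike threshold would be set from a baseline of normal per-client traffic so that the alert fires on the abnormal pattern rather than on routine load.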
Exploitation status
Public Exploit Available: False
Analyst recommendation
To maintain the integrity and availability of the Enterprise Command Center Framework, administrators must apply the provided security patches without delay. Addressing this flaw is essential to preventing data corruption and operational disruption.