Vulnerability in Oracle E-Business Suite Affecting Universal Work Queue Component
CVE-2017-3415

8.2HIGH

Key Information:

Vendor
Oracle
Status
Universal Work Queue
Vendor
CVE Published:
27 January 2017

Summary

This vulnerability exists within the Oracle Universal Work Queue component of Oracle E-Business Suite, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation necessitates human interaction from a third party, and while the vulnerability directly affects the Universal Work Queue, it can also have significant repercussions on associated products. Exploiting this vulnerability grants unauthorized access to sensitive data as well as the ability to update, insert, or delete data accessible through the Oracle Universal Work Queue. This poses a serious threat to data integrity and confidentiality.

Affected Version(s)

Universal Work Queue 12.1.1

Universal Work Queue 12.1.2

Universal Work Queue 12.1.3

References

http://www.securityfocus.com/bid/95487
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037639
vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.