Vulnerability in Oracle E-Business Suite's Universal Work Queue Component
CVE-2017-3417

8.2HIGH

Key Information:

Vendor: Oracle
Status: Universal Work Queue
Vendor: CVE Published:; 27 January 2017

Summary

Oracle E-Business Suite contains a network vulnerability in the Universal Work Queue component that allows an unauthenticated attacker with HTTP access to exploit it. Successful exploitation of this vulnerability can lead to unauthorized access to sensitive data, enabling an attacker to potentially update, insert, or delete data within the Oracle Universal Work Queue. The exploitation process requires human interaction by an individual other than the attacker, raising significant concerns regarding data integrity and confidentiality across multiple products within the Oracle E-Business Suite ecosystem.

Affected Version(s)

Universal Work Queue 12.1.1

Universal Work Queue 12.1.2

Universal Work Queue 12.1.3

References

http://www.securityfocus.com/bid/95561

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 27, 2017
Vulnerability Reserved
Dec 6, 2016