Unauthenticated Remote Code Execution Vulnerability in Oracle E-Business Suite
CVE-2021-2015

8.2HIGH

Key Information:

Vendor: Oracle
Status: Workflow
Vendor: CVE Published:; 20 January 2021

What is CVE-2021-2015?

A vulnerability exists in the Oracle Workflow component of Oracle E-Business Suite, which could be exploited by unauthenticated attackers with network access. This security flaw requires interaction from a user other than the attacker, but successful exploitation can lead to unauthorized access and manipulation of sensitive data. Attackers may leverage this weakness to gain access to critical information or perform unauthorized actions such as updating, inserting, or deleting data within Oracle Workflow. Consequently, this vulnerability poses significant risks not only to the Oracle Workflow system but also to interconnected applications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Workflow 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpujan2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2021
Vulnerability Reserved
Dec 9, 2020

JSON

Oracle