Access Control Vulnerability in Oracle E-Business Suite Universal Work Queue
CVE-2021-35562

8.1HIGH

Key Information:

Vendor: Oracle
Status: Universal Work Queue
Vendor: CVE Published:; 20 October 2021

Summary

An access control vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite allows low-privileged attackers with network access via HTTP to compromise the system. This vulnerability can lead to unauthorized creation, deletion, or modification of critical data and provides full access to all data accessible through Oracle Universal Work Queue. The affected versions include 12.1.1 to 12.1.3 and 12.2.3 to 12.2.10. Organizations must promptly apply patches to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Universal Work Queue 12.1.1-12.1.3

Universal Work Queue 12.2.3-12.2.10

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Jun 28, 2021