Vulnerability in Oracle Workflow Product of Oracle E-Business Suite
CVE-2022-21567

7.5HIGH

Key Information:

Vendor: Oracle
Status: Workflow
Vendor: CVE Published:; 19 July 2022

Summary

This vulnerability affects the Oracle Workflow component within Oracle E-Business Suite, allowing unauthorized attackers with network access via HTTP to obtain access to sensitive data. Unauthenticated individuals can exploit this vulnerability to gain access to all data accessible through Oracle Workflow, which may lead to significant data breaches and potential misuse of critical corporate information.

Affected Version(s)

Workflow 12.2.3-12.2.11

References

https://www.oracle.com/security-alerts/cpujul2022.html

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 19, 2022
Vulnerability Reserved
Nov 15, 2021