Vulnerability in Oracle Workflow within Oracle E-Business Suite
CVE-2024-21071

9.1CRITICAL

Key Information:

Vendor: Oracle
Status: Workflow
Vendor: CVE Published:; 16 April 2024

Summary

A vulnerability exists in the Admin Screens and Grants UI component of the Oracle Workflow product within the Oracle E-Business Suite, affecting versions 12.2.3 to 12.2.13. This vulnerability allows an attacker with elevated privileges and network access via HTTP to exploit the weakness, potentially leading to the compromise of the Oracle Workflow system. Notably, while the vulnerability is specifically related to Oracle Workflow, the ramifications of successful attacks can extend to other integrated products within the E-Business Suite. Attackers leveraging this vulnerability can achieve unauthorized control, resulting in serious implications for data confidentiality, integrity, and availability.

Affected Version(s)

Workflow 12.2.3 <= 12.2.13

References

https://www.oracle.com/security-alerts/cpuapr2024.html

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 16, 2024