Vulnerability in Oracle E-Business Suite Admin Screens and Grants UI
CVE-2025-21541

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Oracle Workflow
Vendor: CVE Published:; 21 January 2025

Summary

A vulnerability in the Oracle Workflow component of Oracle E-Business Suite facilitates low privileged attackers to gain unauthorized access through HTTP. This issue allows the modification, insertion, or deletion of data within Oracle Workflow, as well as unrestricted read access to sensitive information. The affected versions range from 12.2.3 to 12.2.14, emphasizing the necessity for users to apply the latest patches to mitigate the risk of potential exploitation.

Affected Version(s)

Oracle Workflow 12.2.3 <= 12.2.14

References

https://www.oracle.com/security-alerts/cpujan2025.html

vendor-advisory

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Dec 24, 2024