Oracle E-Business Suite Universal Work Queue Request Handling Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability exists in the Oracle Universal Work Queue component of Oracle E-Business Suite, specifically in versions 12.2.5 through 12.2.14. This vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the Oracle Universal Work Queue. Exploitation of this vulnerability requires human interaction from a third party. While the vulnerability is contained within the Oracle Universal Work Queue, successful attacks could significantly affect other products, leading to a scope change. The vulnerability allows unauthorized users to read, update, insert, or delete certain accessible data within the Oracle Universal Work Queue.

Impact

Exploitation of this vulnerability could result in unauthorized access to read, update, insert, or delete data within the Oracle Universal Work Queue, with potential significant impacts on additional products.

Added: Jul 15, 2025, 9:04 PM

Updated: Jul 15, 2025, 9:04 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.3

exploitability

6.0

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

1.3

exploitability

6.0

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle E-Business Suite Universal Work Queue Request Handling Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

Impact

Affected Products

Oracle Universal Work Queue

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating