Oracle E-Business Suite User Management Workflow Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

A vulnerability exists in the Oracle User Management component of Oracle E-Business Suite, specifically within the Workflow and Business Events area. This issue affects versions 12.2.7 through 12.2.15. The vulnerability is easily exploitable and allows a high-privileged attacker with network access via HTTP to compromise Oracle User Management. Successful exploitation could lead to unauthorized read access, as well as the ability to update, insert, or delete certain accessible data within Oracle User Management.

Impact

Exploitation of this vulnerability could result in unauthorized access to read, update, insert, or delete data within Oracle User Management.

Added: Apr 21, 2026, 11:29 PM

Updated: Apr 21, 2026, 11:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

3.1

exploitability

4.4

remediation

0.0

relevance

6.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

3.1

exploitability

4.4

remediation

0.0

relevance

6.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Oracle E-Business Suite User Management Workflow Vulnerability Allowing Unauthorized Data Access and Modification

Vulnerability

Impact

Affected Products

Oracle User Management

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating