Volerion logoVolerion
Volerion logoVolerion

Oracle E-Business Suite Oracle Universal Work Queue Vulnerability Allowing Unauthorized Takeover

Vulnerability

A vulnerability exists in the Oracle Universal Work Queue component of Oracle E-Business Suite, specifically within the Work Provider Site Level Administration feature. This vulnerability affects versions 12.2.3 through 12.2.15. It allows a low-privileged attacker with network access via HTTP to compromise the Oracle Universal Work Queue. While the vulnerability is contained within the work queue component, successful exploitation could significantly impact additional products, leading to a scope change. Exploitation of this vulnerability could result in a complete takeover of the Oracle Universal Work Queue.

Impact

Exploitation of this vulnerability can lead to a complete takeover of the Oracle Universal Work Queue component.

Remediation

Users are advised to apply the May 2026 Critical Security Patch Update for Oracle E-Business Suite. For specific patching instructions, refer to the Oracle E-Business Suite Release 12 Critical Security Patch Update Knowledge Document (May 2026), available as My Oracle Support Note KA923.

Added: May 28, 2026, 9:48 PM
Updated: May 28, 2026, 9:48 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
5.0
exploitability
4.9
remediation
7.7
relevance
9.2
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.