Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Workflow. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
History

Fri, 06 Dec 2024 21:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:oracle:workflow:*:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2024-04-16T21:26:22.479Z

Updated: 2024-08-01T22:13:42.358Z

Reserved: 2023-12-07T22:28:10.665Z

Link: CVE-2024-21071

cve-icon Vulnrichment

Updated: 2024-08-01T22:13:42.358Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-16T22:15:25.837

Modified: 2024-12-06T21:18:54.143

Link: CVE-2024-21071

cve-icon Redhat

No data.