Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-89gv-ggj8-gg3q

Опубликовано: 21 янв. 2025
Источник: github
Github: Не прошло ревью
CVSS3: 5.4

Описание

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

Ссылки

EPSS

Процентиль: 28%
0.00099
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2025-21541

Дефекты

CWE-281

Связанные уязвимости

nvd логотип

CVE-2025-21541

CVSS3: 5.4
nvd
около 1 года назад

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

fstec логотип

BDU:2025-01290

CVSS3: 5.4
fstec
около 1 года назад

Уязвимость компонента Admin Screens and Grants UI системы для управления бизнес-процессами Oracle Workflow, позволяющая нарушителю получить доступ на чтение данных или получить доступ на изменение, добавление или удаление данных

EPSS

Процентиль: 28%
0.00099
Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2025-21541

Дефекты

CWE-281