Impact
A flaw in the Work Provider Site Level Administration component of Oracle Universal Work Queue lets a low‑privileged attacker with network access exploit the system over HTTP. The vulnerability can be used to compromise Oracle Universal Work Queue, resulting in takeover with significant confidentiality, integrity, and availability impacts, as described by the CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Affected Systems
Oracle Universal Work Queue, part of Oracle E‑Business Suite, is vulnerable in versions 12.2.3 through 12.2.15. Administrators should verify the version of their installation to determine exposure.
Risk and Exploitability
The CVSS base score of 8.8 indicates high severity. Although the EPSS probability is lower than 1 % and the vulnerability is not listed in the CISA KEV catalog, the low‑privileged, network‑only prerequisites and lack of a user interaction requirement make exploitation straightforward for an attacker who can reach the service.
OpenCVE Enrichment