Impact
This vulnerability permits an attacker who can reach the Oracle Universal Work Queue over HTTP to compromise the system. The description of the vulnerability indicates that an attacker who succeeds might take control of the queue service, which would compromise confidentiality, integrity, and availability. It is inferred that successful exploitation could lead to a full takeover of the service.
Affected Systems
Oracle Universal Work Queue, version 12.2.3 through 12.2.15, component Work Provider Site Level Administration. The attack can be performed by a low‑privileged network user who sends crafted HTTP requests to the exposed Work Queue service.
Risk and Exploitability
The overall CVSS score is 7.5, representing high severity. The EPSS score is less than 1%, indicating a low exploitation probability in the current landscape, and the vulnerability is not listed in the CISA KEV catalog. However, because the attack is remote and the impact is complete takeover, it remains a significant risk for exposed network assets. Attackers would need to target an internet‑reachable Oracle Universal Work Queue instance; the lack of high prerequisites makes exploitation plausible if a suitable target is found. The description implies that a successful attack could lead to full takeover.
OpenCVE Enrichment