CVE-2025-21541

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-21541
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.oracle.com/security-alerts/cpujan2025.html
Configurations

No configuration.

History

22 Jan 2025, 19:15

Type Values Removed Values Added
CWE CWE-281
Summary
  • (es) Vulnerabilidad en el producto Oracle Workflow de Oracle E-Business Suite (componente: Admin Screens and Grants UI). Las versiones compatibles afectadas son 12.2.3-12.2.14. Esta vulnerabilidad, que se puede explotar fácilmente, permite que un atacante con pocos privilegios y acceso a la red a través de HTTP comprometa Oracle Workflow. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos datos accesibles de Oracle Workflow, así como un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Workflow. Puntuación base CVSS 3.1 5,4 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).

21 Jan 2025, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-21 21:15

Updated : 2025-01-22 19:15

NVD link : CVE-2025-21541

Mitre link : CVE-2025-21541

CVE.ORG link : CVE-2025-21541

JSON object : View

Products Affected

No product.

CWE
CWE-281

Improper Preservation of Permissions