VDB

CVE-2022-21567

CVE-2022-21567 PUBLISHED CVSS 7.5 HIGH

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Workflow accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

EPSS 1.76% · 83.0th percentile

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
1.76%
83.0th percentile

Affected Products

VendorProductVersions
oracleworkflow12.2.3
Oracle CorporationWorkflow12.2.3-12.2.11

Exploit Intelligence

Timeline

  • Jul 19, 2022 CVE Published
  • Jul 20, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Oct 22, 2022 EPSS Score
  • Dec 8, 2022 EPSS Score
  • Jan 24, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 11, 2023 EPSS Score
  • Apr 27, 2023 EPSS Score
  • Jul 30, 2023 EPSS Score
  • Sep 15, 2023 EPSS Score
  • Nov 1, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›