Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Network-reachable EBS HTTP endpoint, low complexity, requires a low-privileged EBS account (PR:L), no user interaction, scope change to other EBS products, full CIA impact.
Primary rating from Vendor (oracle).
CVSS VectorVendor: oracle
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. While the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
AnalysisAI
Privilege escalation and full takeover of Oracle Universal Work Queue (component: Work Provider Site Level Administration) in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged remote attacker over HTTP to compromise the application with scope change extending impact to additional products. The CVSS 3.1 base score is 9.9 with full confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must (1) reach the Oracle E-Business Suite HTTP middle tier hosting the Universal Work Queue module over the network and (2) hold any valid low-privileged EBS account (PR:L) able to authenticate to the Work Provider Site Level Administration component in EBS 12.2.3-12.2.15. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All available signals point to this being a real priority for EBS operators: CVSS 3.1 is 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) - network reachable, low complexity, only low privileges needed, no user interaction, and a scope change meaning impact extends beyond Universal Work Queue itself. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with any low-privileged EBS account - for example a self-service or supplier-portal user reachable over the internet - sends a crafted HTTP request to the Work Provider Site Level Administration endpoint and abuses the flaw to take over the Universal Work Queue module, then pivots through the scope change to read or modify data in other EBS products such as CRM or HR. No public exploit identified at time of analysis, but the AC:L/PR:L/UI:N profile means weaponization is straightforward once details are reverse-engineered from the June 2026 CPU. |
| Remediation | Patch available per vendor advisory: apply the fixes delivered in the Oracle Critical Patch Update - June 2026 (https://www.oracle.com/security-alerts/cspujun2026.html) to every EBS 12.2.3-12.2.15 environment running Universal Work Queue; Oracle does not publish per-CVE point versions, so apply the CPU bundle rather than waiting for an isolated hotfix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24 hours: Identify all systems running Oracle E-Business Suite 12.2.3-12.2.15 and immediately restrict network access to Work Provider Site Level Administration interfaces using firewall rules limiting to administrative IP ranges. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Oracle Universal Work Queue
View allAccount takeover in Oracle Universal Work Queue (Oracle E-Business Suite 12.2.3 through 12.2.15) allows a low-privileged
Account takeover in Oracle Universal Work Queue (Oracle E-Business Suite 12.2.3 through 12.2.15) allows a low-privileged
Takeover of Oracle Universal Work Queue is possible in Oracle E-Business Suite versions 12.2.3 through 12.2.15 via the W
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37275