Oracle Workflow vulnerabilities

11 known vulnerabilities affecting oracle/workflow.

Total CVEs

11

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

CRITICAL2HIGH3MEDIUM6

Vulnerabilities

Page 1 of 1

CVE-2026-21959MEDIUMCVSS 4.9≥ 12.2.3, ≤ 12.2.152026-01-20

CVE-2026-21959 [MEDIUM] CWE-284 CVE-2026-21959: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader) Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized

CVE-2025-53052MEDIUMCVSS 6.1≥ 12.2.3, ≤ 12.2.142025-10-21

CVE-2025-53052 [MEDIUM] CWE-284 CVE-2025-53052: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notific Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks require human interaction from a pe

CVE-2025-21541MEDIUMCVSS 5.4≥ 12.2.3, ≤ 12.2.142025-01-21

CVE-2025-21541 [MEDIUM] CWE-281 CVE-2025-21541: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens an Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in u

CVE-2024-21071CRITICALCVSS 9.1≥ 12.2.3, ≤ 12.2.132024-04-16

CVE-2024-21071 [CRITICAL] CWE-284 CVE-2024-21071: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens an Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attack

CVE-2022-21567HIGHCVSS 7.5≥ 12.2.3, ≤ 12.2.112022-07-19

CVE-2022-21567 [HIGH] CVE-2022-21567: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Suppo Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized access to critic

CVE-2021-2343MEDIUMCVSS 4.3≥ 12.2.3, ≤ 12.2.10v12.1.32021-07-21

CVE-2021-2343 [MEDIUM] CVE-2021-2343: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notific Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in

CVE-2021-2015HIGHCVSS 8.2≥ 12.2.3, ≤ 12.2.102021-01-20

CVE-2021-2015 [HIGH] CVE-2021-2015: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Suppo Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks require human interaction from a person other than the attacker and

CVE-2020-2753MEDIUMCVSS 5.3≥ 12.2.3, ≤ 12.2.9v12.1.32020-04-15

CVE-2020-2753 [MEDIUM] CVE-2020-2753: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notific Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in

CVE-2019-2925MEDIUMCVSS 4.3≥ 12.2.3, ≤ 12.2.8v12.1.32019-10-16

CVE-2019-2925 [MEDIUM] CVE-2019-2925: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Suppo Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks require human interaction from a person other than the

CVE-2006-1884CRITICALCVSS 10.0v11.5.1v11.5.9.52006-04-20

CVE-2006-1884 [CRITICAL] CVE-2006-1884: Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business S Unspecified vulnerability in the Oracle Thesaurus Management System component in Oracle E-Business Suite and OPA 4.5.2 Applications has unknown impact and attack vectors, aka Vuln# OPA01.

CVE-2006-0552HIGHCVSS 7.5v11.5.1v11.5.9.52006-02-04

CVE-2006-0552 [HIGH] CVE-2006-0552: Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.