CVE-2026-34302
Unauthorized Data Modification and Partial DoS in Oracle Workflow Loader
Publication date: 2026-04-21
Last updated on: 2026-04-24
Assigner: Oracle
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oracle | workflow | From 12.2.3 (inc) to 12.2.15 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in the Oracle Workflow product of the Oracle E-Business Suite, specifically in the Workflow Loader component. It affects supported versions 12.2.3 through 12.2.15. The flaw allows a highly privileged attacker with network access via HTTP to compromise Oracle Workflow.
The vulnerability enables unauthorized update, insert, or delete operations on some Oracle Workflow accessible data. Additionally, it can cause a partial denial of service (partial DOS) of the Oracle Workflow service.
The vulnerability has a CVSS 3.1 base score of 5.5, indicating a moderate severity with impacts on integrity and availability.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with high privileges and network access to:
- Unauthorized update, insertion, or deletion of data accessible through Oracle Workflow.
- Cause a partial denial of service (partial DOS) affecting the availability of Oracle Workflow.
Because the scope of the attack may extend beyond Oracle Workflow, other related products could also be significantly impacted.