CVE-2020-14862

Name of the Vulnerable Software and Affected Versions: Oracle Universal Work Queue versions 12.2.3 through 12.2.9

Description: The issue is related to insufficient input validation in the Internal Operations component of Oracle Universal Work Queue, part of the Oracle E-Business Suite. This can be exploited by a remote attacker using the HTTP protocol to gain full control over the application. The vulnerability can be easily exploited by a low-privileged attacker with network access, potentially leading to a takeover of Oracle Universal Work Queue.

Recommendations: For versions 12.2.3 through 12.2.9, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Internal Operations component until a patch is available. Avoid using the HTTP protocol to access the Oracle Universal Work Queue until the issue is resolved.