CVE-2018-3236

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7

Description The issue is related to insufficient access control in the Oracle User Management component, allowing a high-privileged attacker with network access via HTTP to compromise Oracle User Management. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all Oracle User Management accessible data, as well as unauthorized access to critical data or complete access to all Oracle User Management accessible data.

Recommendations For versions 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7, consider restricting access to the Oracle User Management component until a patch is available. As a temporary workaround, consider disabling the Reports subcomponent to minimize the risk of exploitation. Restrict access to critical data and ensure that only authorized personnel have access to Oracle User Management.