CVE-2023-21959

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.2.3 through 12.2.12

Description The issue is related to insufficient input validation in the Attachments component of the Oracle iReceivables product. It allows a low-privileged attacker with network access via HTTP to compromise Oracle iReceivables, resulting in unauthorized read access to a subset of Oracle iReceivables accessible data.

Recommendations For versions 12.2.3 through 12.2.12, consider restricting access to the Attachments component until a patch is available. As a temporary workaround, limit the use of HTTP connections to minimize the risk of exploitation.