Abdullah H. Aljaber

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.4 Security Update versions prior to 2019-002 High Sierra Security Update versions prior to 2019-002 Sierra **Description** A lock screen issue allowed unauthorized access to contacts on a locked device. The problem was caused by inadequate state management. A local attacker could potentially view contacts from the lock screen. **Recommendations** For macOS versions prior to 10.14.4, update to macOS Mojave 10.14.4 or later. For Security Update versions prior to 2019-002 High Sierra, apply Security Update 2019-002 High Sierra or later. For Security Update versions prior to 2019-002 Sierra, apply Security Update 2019-002 Sierra or later.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.1.3 and 12.2.3 through 12.2.9 **Description** The issue is related to insufficient access control in the Workflow Notification Mailer component of Oracle Workflow, part of the Oracle E-Business Suite. This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Workflow, potentially resulting in unauthorized update, insert, or delete access to some Oracle Workflow accessible data. **Recommendations** For versions 12.1.3, update to a version that includes the necessary security fixes. For versions 12.2.3 through 12.2.9, apply the relevant patch or update to a version that includes the necessary security fixes. As a temporary workaround, consider restricting access to the Workflow Notification Mailer component until a patch is available.