Andrej Šimko

**Name of the Vulnerable Software and Affected Versions** OpenText Directory Services versions 20.4.1 through 25.2 **Description** A flaw exists within the User Interface (UI) of OpenText Directory Services that can lead to a misrepresentation of critical information, specifically enabling cache poisoning. An attacker could exploit this to inject manipulated text into the OpenText application, potentially deceiving users. **Recommendations** Update OpenText Directory Services to a version later than 25.2.

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product, part of the Oracle E-Business Suite. This allows a remote attacker to gain read, modify, add, or delete access to data via the HTTP protocol. Successful attacks require human interaction and may significantly impact additional products. The vulnerability can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, consider disabling the LOV component temporarily until a patch is available to prevent exploitation. Restrict access to the Oracle Complex Maintenance, Repair, and Overhaul product via HTTP to minimize the risk of unauthorized data access. Avoid using the affected product for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul. This allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction and may significantly impact additional products. The attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the LOV component until a patch is available. Avoid using the HTTP protocol for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The vulnerability can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction and may significantly impact additional products. The vulnerability can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul application. This allows a remote attacker to gain read, modify, add, or delete access to data via the HTTP protocol. Successful attacks may require human interaction and can significantly impact additional products. The vulnerability can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, consider disabling the LOV component until a patch is available to prevent exploitation. Restrict access to the affected component to minimize the risk of unauthorized data access. Avoid using the HTTP protocol for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, consider restricting access to the LOV component until a patch is available. As a temporary workaround, limit the use of HTTP protocol for sensitive operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The vulnerability can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul. This allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction and can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The vulnerability can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul application. This allows a remote attacker to gain read, modify, add, or delete access to data via the HTTP protocol. Successful attacks require human interaction and may significantly impact additional products. The vulnerability can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the LOV component until a patch is available. Additionally, restrict HTTP access to the Oracle Complex Maintenance, Repair, and Overhaul application to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product. This allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction and may significantly impact additional products. The vulnerability can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction and may significantly impact additional products. This can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product, part of the Oracle E-Business Suite. This allows a remote attacker to gain read, modify, add, or delete access to data via the HTTP protocol. Successful attacks require human interaction and may significantly impact additional products. Attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, consider disabling the LOV component temporarily until a patch is available to prevent exploitation. Restrict access to the Oracle Complex Maintenance, Repair, and Overhaul product via HTTP to minimize the risk of unauthorized data access. Avoid using the HTTP protocol for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product. This allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks require human interaction and can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, upgrade to a newer version to mitigate the risk of remote exploitation. As a temporary workaround, consider restricting access to the LOV component until a patch is available.

Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue exists due to insufficient input validation in the LOV component of the Oracle Complex Maintenance, Repair, and Overhaul product, part of the Oracle E-Business Suite. This allows a remote attacker to gain read, modify, add, or delete access to data via the HTTP protocol. Successful attacks require human interaction and may significantly impact additional products. Attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Recommendations: For versions 12.2.3 through 12.2.13, consider restricting access to the LOV component until a patch is available. As a temporary workaround, consider disabling the use of HTTP protocol for the Oracle Complex Maintenance, Repair, and Overhaul product until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.