Kasper Leigh Haabb

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.9 **Description** The issue is related to inadequate access control in the Attachments component of Oracle Document Management and Collaboration. It can be exploited by a remote attacker to gain unauthorized access to sensitive information or to modify, add, or delete data using the HTTP protocol. Successful attacks may require human interaction and can significantly impact additional products, resulting in unauthorized access to critical data or complete access to all accessible data. **Recommendations** For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.9, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Attachments component until a patch is available. Restrict access to the HTTP protocol to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.4 **Description** The issue is related to insufficient access controls in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This can be exploited by an unauthenticated attacker with network access via the HTTP protocol to gain unauthorized access to protected information or cause a partial denial of service. Successful attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. **Recommendations** For version 8.5.4, consider restricting access to the Outside In Filters component until a patch is available. As a temporary workaround, limit the use of the HTTP protocol to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology versions 8.5.4 **Description** The issue is related to insufficient access controls in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This can be exploited by an unauthenticated attacker with network access via the HTTP protocol to compromise Oracle Outside In Technology, potentially leading to unauthorized update, insert, or delete access to some accessible data. **Recommendations** For version 8.5.4, update to a version that includes the fix for this issue to prevent unauthorized access and potential data manipulation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.4 **Description** The issue is related to inadequate access control in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Additionally, it can cause a partial denial of service (DOS) of Oracle Outside In Technology. **Recommendations** For Oracle Outside In Technology version 8.5.4, update to a version that addresses the inadequate access control issue in the Outside In Filters component to prevent unauthorized access and potential denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.4 **Description** The issue is related to inadequate access control in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. Additionally, it can cause a partial denial of service (DOS) of Oracle Outside In Technology. **Recommendations** For Oracle Outside In Technology version 8.5.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.4 **Description** The issue is related to insufficient access controls in the Outside In Filters component of Oracle Outside In Technology, a software development kit (SDK). This can be exploited by a remote attacker to gain unauthorized access to protected information or cause a partial denial of service using the HTTP protocol. Successful attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data. **Recommendations** For version 8.5.4, consider restricting access to the Outside In Filters component to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of the HTTP protocol to reduce the potential for remote attacks.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.4 **Description** The issue is related to a vulnerability in the Oracle Outside In Technology product, specifically in the Outside In Filters component. This vulnerability can be easily exploited by an unauthenticated attacker with network access via HTTP, allowing them to compromise Oracle Outside In Technology. Successful attacks can result in unauthorized access to update, insert, or delete some of the accessible data in Oracle Outside In Technology, as well as cause a partial denial of service. The vulnerability is associated with resource release errors in the Outside In Filters component. **Recommendations** For Oracle Outside In Technology version 8.5.4, consider applying security patches or updates to fix the resource release errors in the Outside In Filters component to prevent exploitation. As a temporary workaround, restrict access to the Outside In Technology code to minimize the risk of unauthorized data access or denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.4 **Description** The issue is related to inadequate access controls in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in unauthorized access to some data, including update, insert, or delete access, as well as unauthorized read access to a subset of data. Additionally, it can cause a partial denial of service (DOS) of Oracle Outside In Technology. **Recommendations** For Oracle Outside In Technology version 8.5.4, update to a version that addresses the inadequate access controls in the Outside In Filters component to prevent unauthorized access and potential denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.4 **Description** The issue is related to inadequate access controls in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in unauthorized access to some data and potential partial denial of service (DOS). The impact depends on how the software using the Outside In Technology code handles network data. **Recommendations** For version 8.5.4, consider restricting access to the Outside In Filters component until a patch is available, and ensure that any software using this component does not pass unsanitized network data directly to it. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.4 **Description** The issue is related to insufficient access controls in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in unauthorized access to some data and potential partial denial of service (DOS). The impact depends on how the software using the Outside In Technology code handles network data. **Recommendations** For version 8.5.4, consider restricting access to the Outside In Filters component until a patch is available to prevent unauthorized data access and potential DOS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle Outside In Technology version 8.5.4 **Description** The issue is related to inadequate access control in the Outside In Filters component of Oracle Outside In Technology, a suite of software development kits (SDKs). It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology, resulting in unauthorized access to some data and potential partial denial of service (DOS). The impact depends on how the software using the Outside In Technology code handles network data. **Recommendations** For version 8.5.4, consider restricting access to the Outside In Filters component until a patch is available, and ensure that any software using the Outside In Technology code does not directly pass network-received data to it without proper validation and sanitization. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JasPer versions prior to 1.900.14 **Description** The issue allows remote attackers to cause a denial of service, specifically an assertion failure, due to problems in the `jpc irct` and `jpc iict` functions. **Recommendations** For versions prior to 1.900.14, update to version 1.900.14 or later to resolve the issue.