M Talha Shafique

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.2.3 through 12.2.11 **Description** The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment, resulting in unauthorized read access to a subset of Oracle iRecruitment accessible data. The vulnerability exists due to insufficient input validation in the Candidate Self Service Registration component. **Recommendations** For versions 12.2.3 through 12.2.11, update to a version that includes the fix for this issue to prevent unauthorized read access. As a temporary workaround, consider restricting access to the Candidate Self Service Registration component until a patch is available.