Martin Doyhenard

Name of the Vulnerable Software and Affected Versions: SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81 KRNL64NUC versions 7.22, 7.22EXT, 7.49 KRNL64UC versions 7.22, 7.22EXT, 7.49, 7.53 KERNEL versions 7.22, 7.49, 7.53, 7.77, 7.81, 7.83 Description: The issue allows an unauthenticated attacker to submit a malicious crafted request over a network to a front-end server, which may result in a back-end server confusing the boundaries of malicious and legitimate messages. This can lead to the back-end server executing a malicious payload, allowing the attacker to read or modify any information on the server or consume server resources, making it temporarily unavailable. Recommendations: For SAP Web Dispatcher versions 7.49, 7.53, 7.77, 7.81, update to a version that includes the fix for this issue. For KRNL64NUC versions 7.22, 7.22EXT, 7.49, update to a version that includes the fix for this issue. For KRNL64UC versions 7.22, 7.22EXT, 7.49, 7.53, update to a version that includes the fix for this issue. For KERNEL versions 7.22, 7.49, 7.53, 7.77, 7.81, 7.83, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the front-end server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.9 **Description** The issue is related to insufficient access control in the Account Hierarchy Manager component of Oracle General Ledger. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger, resulting in unauthorized access to critical data or complete access to all Oracle General Ledger accessible data. **Recommendations** For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.9, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Account Hierarchy Manager component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle Human Resources versions 12.1.1 through 12.1.3 Oracle Human Resources versions 12.2.3 through 12.2.9 **Description** The issue exists due to insufficient input validation in the Hierarchy Diagrammers component of Oracle Human Resources. This allows a remote attacker to modify, add, or delete data, gain unauthorized access to protected information, or cause a partial denial of service using the HTTPS protocol. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data, as well as unauthorized access to all accessible data in Oracle Human Resources. **Recommendations** For versions 12.1.1 through 12.1.3, update to a version that includes the fix for this issue. For versions 12.2.3 through 12.2.9, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Hierarchy Diagrammers component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle Human Resources versions 12.1.1 through 12.1.3 Oracle Human Resources versions 12.2.3 through 12.2.9 **Description** The issue exists due to insufficient input validation in the Hierarchy Diagrammers component of Oracle Human Resources. Exploitation of this issue may allow a remote attacker to modify, add, or delete data, gain unauthorized access to protected information, or cause a partial denial of service using the HTTPS protocol. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data, as well as unauthorized access to all accessible data in Oracle Human Resources. **Recommendations** For Oracle Human Resources versions 12.1.1 through 12.1.3, update to a version that includes the fix for this issue. For Oracle Human Resources versions 12.2.3 through 12.2.9, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Hierarchy Diagrammers component until a patch is available.