Okan Cokun

**Name of the Vulnerable Software and Affected Versions** Enterprise Manager for Fusion Middleware versions 11.1.1.9 through 12.2.1.3 **Description** The issue exists due to insufficient input validation in the FMW Control Plugin component. It allows a remote attacker to gain read access to data, modify data, or cause a partial denial of service using HTTP requests. Successful attacks can result in unauthorized update, insert, or delete access to some accessible data, as well as unauthorized read access to a subset of accessible data. **Recommendations** For version 11.1.1.9, update to a newer version to mitigate the risk. For version 12.2.1.3, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the FMW Control Plugin component until a patch is available.