Orwa Atyat

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.2.3 through 12.2.11 **Description** The issue exists due to insufficient input validation in the Worklist component of the Oracle Workflow product. This allows a remote attacker to gain unauthorized access to protected information using the HTTP protocol. Successful attacks can result in unauthorized access to critical data or complete access to all accessible data. **Recommendations** For versions 12.2.3 through 12.2.11, update to a version that includes the fix for this issue to prevent unauthorized access. As a temporary workaround, consider restricting access to the Worklist component until a patch is available. Restrict network access via HTTP to the Oracle Workflow product to minimize the risk of exploitation.