Suparak Promdee

**Name of the Vulnerable Software and Affected Versions** Oracle Enterprise Command Center Framework versions 11 through 13 **Description** The issue is related to insufficient input validation in the Diagnostics component of the Oracle Enterprise Command Center Framework. This can be exploited by a remote attacker to gain unauthorized access to protected information via the HTTP protocol. Successful attacks can result in unauthorized read access to a subset of accessible data. **Recommendations** For versions 11 through 13, update to a version that includes the fix for this issue to prevent unauthorized access. As a temporary workaround, consider restricting access to the Diagnostics component until a patch is available. Avoid using the HTTP protocol to access the Oracle Enterprise Command Center Framework until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.