Trung Le

**Name of the Vulnerable Software and Affected Versions** Apache OpenMeetings versions prior to 6.0.0 **Description** The NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0. **Recommendations** For versions prior to 6.0.0, update to Apache OpenMeetings 6.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the NetTest web service to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10 **Description** The issue is related to insufficient input validation in the Marketing Administration component of Oracle Marketing. This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The attacks can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data, as well as unauthorized update, insert, or delete access to some of Oracle Marketing accessible data. **Recommendations** For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Marketing Administration component until a patch is available. Avoid using HTTP requests to the vulnerable component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite (component: Marketing Administration) versions 12.1.1 through 12.1.3 Oracle E-Business Suite (component: Marketing Administration) versions 12.2.3 through 12.2.10 **Description** The issue exists due to insufficient input validation in the Marketing Administration component of Oracle Marketing. This allows a remote attacker to modify data or gain unauthorized access to the device via HTTP requests. Successful attacks require human interaction and can result in unauthorized access to critical data, complete access to all Oracle Marketing accessible data, as well as unauthorized update, insert, or delete access to some Oracle Marketing accessible data. **Recommendations** For versions 12.1.1 through 12.1.3, update to a version outside of this range to resolve the issue. For versions 12.2.3 through 12.2.10, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Marketing Administration component until a patch is available. Avoid using HTTP requests to the vulnerable component until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10 Description: The issue is related to insufficient input validation in the User Interface component of the Oracle Trade Management product. This can be exploited by a remote attacker to gain unauthorized access to protected information or to modify, add, or delete data using the HTTP protocol. The attack requires human interaction from someone other than the attacker and can significantly impact additional products, resulting in unauthorized access to critical data or complete access to all accessible data in Oracle Trade Management, as well as unauthorized update, insert, or delete access to some of the accessible data. Recommendations: For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the User Interface component of Oracle Trade Management until a patch is available.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10 Description: The issue is related to insufficient input validation in the User Interface component of the Oracle Trade Management product. This can be exploited by a remote attacker to gain unauthorized access to sensitive information or to modify, add, or delete data using the HTTP protocol. The attack requires some interaction from a person other than the attacker and can have significant impacts on additional products beyond Oracle Trade Management. Recommendations: For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the User Interface component of Oracle Trade Management until a patch is available.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10 Description: The issue is related to insufficient input validation in the User Interface component of the Oracle Trade Management product. This can be exploited by a remote attacker to gain unauthorized access to sensitive information or to modify, add, or delete data using the HTTP protocol. The attack requires some interaction from a person other than the attacker and can have significant impacts on additional products beyond Oracle Trade Management. Recommendations: For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the User Interface component of Oracle Trade Management to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.3 and 12.2.3 through 12.2.10 Description: The issue is related to insufficient input validation in the Flex Fields component of Oracle CRM Technical Foundation. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation, potentially leading to unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data, as well as unauthorized update, insert, or delete access to some of Oracle CRM Technical Foundation accessible data. Successful attacks require human interaction from a person other than the attacker. Recommendations: For versions 12.1.3, update to a version that includes the fix for this issue. For versions 12.2.3 through 12.2.10, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Flex Fields component until a patch is available.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10 Description: The issue is related to insufficient input validation in the Oracle Installed Base product of Oracle E-Business Suite, specifically in the APIs component. This can be exploited by an unauthenticated attacker with network access via HTTP, potentially allowing unauthorized update, insert, or delete access to some of the accessible data. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. Recommendations: For Oracle E-Business Suite versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For Oracle E-Business Suite versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the APIs component of the Oracle Installed Base product to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10 Description: The issue is related to insufficient input validation in the User Interface component of Oracle Trade Management, part of the Oracle E-Business Suite. This can be exploited by a remote attacker to gain unauthorized access to protected information or to modify, add, or delete data using the HTTP protocol. Successful attacks require human interaction and can significantly impact additional products, potentially resulting in unauthorized access to critical data or complete access to all accessible data in Oracle Trade Management, as well as unauthorized update, insert, or delete access to some of the accessible data. Recommendations: For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the User Interface component of Oracle Trade Management until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10 **Description** The issue is related to insufficient input validation in the User Interface component of Oracle Trade Management, part of the Oracle E-Business Suite. This can be exploited by a remote attacker to gain unauthorized access to protected information or to modify, add, or delete data using the HTTP protocol. Successful attacks require human interaction and can significantly impact additional products, potentially resulting in unauthorized access to critical data or complete access to all accessible data in Oracle Trade Management, as well as unauthorized update, insert, or delete access to some of the accessible data. **Recommendations** For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the User Interface component of Oracle Trade Management to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10 **Description** The issue is related to insufficient input validation in the Marketing Administration component of Oracle Marketing. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Marketing, potentially resulting in unauthorized access to critical data or complete access to all Oracle Marketing accessible data, as well as unauthorized update, insert, or delete access to some of Oracle Marketing accessible data. Successful attacks require human interaction from a person other than the attacker. **Recommendations** For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Marketing Administration component until a patch is available. Restrict access to sensitive data and implement additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10 **Description** The issue is related to insufficient input validation in the Marketing Administration component of Oracle Marketing. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Marketing, potentially resulting in unauthorized access to critical data or complete access to all Oracle Marketing accessible data, as well as unauthorized update, insert, or delete access to some of Oracle Marketing accessible data. Successful attacks require human interaction from a person other than the attacker. **Recommendations** For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Marketing Administration component until a patch is available. Restrict access to sensitive data and implement additional security measures to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.1.3 and 12.2.3 through 12.2.9 **Description** The issue is related to insufficient input validation in the CRM User Management Framework component of Oracle Common Applications. This allows an unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications, potentially leading to unauthorized update, insert, or delete access to some of Oracle Common Applications' accessible data. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. **Recommendations** For versions 12.1.3 and 12.2.3 through 12.2.9, consider restricting access to the CRM User Management Framework component to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable component of Oracle Common Applications until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle E-Business Suite versions 12.1.3 and 12.2.3 through 12.2.9 **Description** The issue is related to insufficient input validation in the CRM User Management Framework component of Oracle Common Applications. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications, requiring human interaction from a person other than the attacker. Successful attacks can result in unauthorized update, insert, or delete access to some of Oracle Common Applications' accessible data, potentially impacting additional products. **Recommendations** For versions 12.1.3 and 12.2.3 through 12.2.9, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.9 Description: The issue is related to insufficient input validation in the Popups component of the Oracle Applications Framework. It allows an unauthenticated attacker with network access via HTTP to compromise the framework, potentially leading to unauthorized access to critical data or complete access to all accessible data, as well as unauthorized update, insert, or delete access to some accessible data. Successful attacks require human interaction from a person other than the attacker. Recommendations: For version 12.2.9, consider restricting access to the Popups component until a patch is available. As a temporary workaround, avoid using the Popups component in the Oracle Applications Framework to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.20 and prior **Description** The issue is related to a lack of protection for service data in the InnoDB component of Oracle MySQL Server. This can be exploited by a highly privileged attacker with network access via multiple protocols to compromise MySQL Server, potentially resulting in unauthorized read access to a subset of MySQL Server accessible data. Successful attacks can also cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. **Recommendations** For versions 8.0.20 and prior, update to a version later than 8.0.20 to resolve the issue. As a temporary workaround, consider restricting network access to MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SQLite versions prior to 3.32.0 **Description** The issue is related to an integer overflow in the `sqlite3 str vappendf` function in `printf.c`, which can be exploited to cause a denial of service. **Recommendations** For versions prior to 3.32.0, update to a version that includes improved checks to address the issue.