CVE-2021-2101

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10

Description: The issue is related to inadequate access control in the Print Server component of Oracle One-to-One Fulfillment. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment, resulting in unauthorized creation, deletion, or modification access to critical data or all accessible data.

Recommendations: For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Print Server component until a patch is available.