CVE-2021-35611

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3 Oracle E-Business Suite versions 12.2.3 through 12.2.10

Description: The issue allows a low-privileged attacker with network access via HTTP to compromise Oracle Sales Offline, resulting in a partial denial of service (DOS) of Oracle Sales Offline. This can be achieved due to a vulnerability in the Oracle Sales Offline product, specifically in the Offline Template component.

Recommendations: For versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the HTTP endpoint to minimize the risk of exploitation.