PT-2021-2808 · Oracle · Oracle E-Business Suite+1

Published: 2021-04-20 · Updated: 2021-04-29 · CVE-2021-2260

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Oracle E-Business Suite versions 12.1.3

Description

The issue is related to inadequate access control in the iRecruitment component of Oracle Human Resources, allowing a low-privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all Oracle Human Resources accessible data, as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data.

Recommendations

For version 12.1.3, consider restricting access to the iRecruitment component until a patch is available to minimize the risk of exploitation. Additionally, review and strengthen access controls for Oracle Human Resources to prevent unauthorized data modification or access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2021-02354
CVE-2021-2260

Affected Products

Oracle E-Business Suite
Oracle Human Resources