CVE-2021-2233

Name of the Vulnerable Software and Affected Versions: Oracle Enterprise Asset Management versions 12.1.1 through 12.1.3 Oracle Enterprise Asset Management versions 12.2.3 through 12.2.10

Description: The issue is related to errors in the code of the Setup component of Oracle Enterprise Asset Management in Oracle E-Business Suite. It can be exploited by a remote attacker using HTTP requests, allowing unauthorized access to the device. Successful attacks can result in unauthorized creation, deletion, or modification of critical data, as well as complete access to all accessible data.

Recommendations: For versions 12.1.1 through 12.1.3, update to a version outside of this range to resolve the issue. For versions 12.2.3 through 12.2.10, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the Setup component until a patch is available. Avoid using HTTP requests to access the Oracle Enterprise Asset Management product until the issue is resolved.