CVE-2021-2267

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.1.1 through 12.1.3

Description: The issue is related to errors in the code of the User Interface component of the Oracle Labor Distribution product. It allows a low-privileged attacker with network access via HTTP to compromise Oracle Labor Distribution, resulting in unauthorized creation, deletion, or modification access to critical data or all accessible data, as well as unauthorized access to critical data or complete access to all accessible data.

Recommendations: For versions 12.1.1 through 12.1.3, consider restricting access to the User Interface component until a patch is available. As a temporary workaround, limit the use of HTTP requests to minimize the risk of exploitation.