CVE-2021-2393

Name of the Vulnerable Software and Affected Versions Oracle E-Records versions 12.1.1 through 12.1.3 Oracle E-Records versions 12.2.3 through 12.2.10

Description The issue is related to insufficient input validation in the E-signatures component of Oracle E-Records, part of the Oracle E-Business Suite. This allows a low-privileged attacker with network access via HTTP to compromise Oracle E-Records. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data or all Oracle E-Records accessible data, as well as unauthorized access to critical data or complete access to all Oracle E-Records accessible data.

Recommendations For Oracle E-Records versions 12.1.1 through 12.1.3, update to a version outside of this range to mitigate the risk. For Oracle E-Records versions 12.2.3 through 12.2.10, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the E-signatures component until a patch is available. Avoid using the vulnerable component via HTTP requests until the issue is resolved.