CVE-2022-21500

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite version 12.2

Description The issue is related to insufficient input validation in the Manage Proxies component, allowing an unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note that authentication is required for a successful attack, but the user may be self-registered.

Recommendations For Oracle E-Business Suite version 12.2, customers should refer to the Patch Availability Document for details on how to resolve the issue. As a temporary workaround, consider restricting access to the Manage Proxies component until a patch is available.