CVE-2022-21545

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.2.3 through 12.2.11

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment, resulting in unauthorized read access to a subset of Oracle iRecruitment accessible data. The vulnerability exists due to insufficient input validation in the Candidate Self Service Registration component.

Recommendations For versions 12.2.3 through 12.2.11, update to a version that includes the fix for this issue to prevent unauthorized read access. As a temporary workaround, consider restricting access to the Candidate Self Service Registration component until a patch is available.