PT-2023-3697 · Oracle · Application Express Administration

Dirk Van Veen · Published 2023-07-18 · Updated 2023-07-27 · CVE-2023-21983

CVSS v3.1: 5.6 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Application Express Administration versions 18.2 through 22.2

Description

The issue is related to insufficient input validation in the Application Express Administration product of Oracle Application Express. It allows an unauthenticated attacker with network access via HTTP to compromise the Application Express Administration. Successful attacks can result in unauthorized update, insert, or delete access to some data, as well as unauthorized read access to a subset of data and the ability to cause a partial denial of service.

Recommendations

For versions 18.2 through 22.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Application Express Administration product to minimize the risk of exploitation. Avoid using the HTTP protocol to access the Application Express Administration until the issue is resolved. Restrict network access to the Application Express Administration product to prevent unauthorized attacks.

Fix

RCE

Weakness Enumeration

Related identifiers

BDU:2023-03985
CVE-2023-21983

Affected products

Application Express Administration