PT-2023-6180 · Oracle · Oracle Enterprise Command Center Framework

Published: 2023-10-17 · Updated: 2023-10-23 · CVE-2023-22106

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Enterprise Command Center Framework versions 8 through 10

Description

The issue is related to insufficient input validation in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite, specifically in the API component. This allows a low-privileged attacker with network access via HTTP to compromise the framework, resulting in unauthorized access to critical data or complete access to all accessible data.

Recommendations

For versions 8 through 10, consider restricting access to the API component until a patch is available. As a temporary workaround, disabling the vulnerable API endpoint may help minimize the risk of exploitation. Restricting network access via HTTP to the Oracle Enterprise Command Center Framework can also help reduce the risk of unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-06889
CVE-2023-22106

Affected Products

Oracle Enterprise Command Center Framework