Oracle Releases Security Alert Advisory for CVE-2022-21500

Vulnerability in Oracle E-Business Suite could result in the exposure of personally identifiable information (PII)

Threat ID:: CC-4101
Threat Severity:: Information only
Published:: 26 May 2022 4:06 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Vulnerability in Oracle E-Business Suite could result in the exposure of personally identifiable information (PII)

Affected platforms

The following platforms are known to be affected:

Oracle E-Business Suite

Threat details

Introduction

Oracle has released a Security Alert Advisory for CVE-2022-21500, a vulnerability which affects E-Business Suite. This vulnerability is easily exploitable, but has a lower CVSSv3.1 score of 7.5 because it strongly affects confidentiality, but it does not impact the integrity or the availability of the application or its data. A remote, unauthenticated attacker could exploit this vulnerability to obtain personally identifiable information.

Remediation advice

Affected organisations are encouraged to review the Oracle Security Alert Advisory - CVE-2022-21500 and apply the necessary updates or workarounds.

Definitive source of threat updates

CVE Vulnerabilities

Status Published

CVE-2022-21500

Last edited: 26 May 2022 4:06 pm