Issued: Wednesday, 25 May, 2022 |
Last Revision: Wednesday, 25 May, 2022 |
Vendor: |
Product: |
Severity Level: |
Oracle has issued an out-of-band security alert advisory for Oracle E-Business Suite (EBS) to address a security vulnerability involving information exposure.
This vulnerability can be remotely exploited over network without requiring a username and password. If this flaw is effectively exploited, personally identifiable information could be exposed (PII) or complete access to all Oracle E-Business Suite accessible data.
This vulnerability does not affect Oracle SaaS cloud environments. Oracle Managed Cloud Services clients' E-Business Suite deployments may be affected by this issue. Customers using Oracle Managed Cloud Services should contact their account team for assistance.
CVE/Vulnerability | Description | CVSS3.0 Score |
CVE-2022-21500 | Information disclosure security vulnerability | 7.5 |
Table 1: Vulnerability details
CVE/Vulnerability | Affected Products and Versions | |
CVE-2022-21500 | Oracle E-Business Suite, versions 12.1, 12.2 | |
Table 2: Vulnerable versions
Entities are advised to identify the affected products in their environment and implement the patches provided by Oracle as soon as possible.