CVE-2023-21847: 
Oracle E-Business Suite vulnerability analysis and mitigation

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Download). The vulnerability affects supported versions 12.2.3-12.2.12. This is an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle Web Applications Desktop Integrator (Oracle CPU Jan 2023).

The vulnerability requires human interaction from a person other than the attacker, and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products through scope change. The vulnerability has been assigned a CVSS 3.1 Base Score of 5.4, indicating moderate severity with Confidentiality and Integrity impacts. The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) (Oracle CPU Jan 2023).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data, as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data (Oracle CPU Jan 2023).

Oracle has released security patches to address this vulnerability as part of the January 2023 Critical Patch Update. Oracle strongly recommends that customers apply Critical Patch Update security patches as soon as possible (Oracle CPU Jan 2023).