CVE-2023-22004: 
Oracle E-Business Suite vulnerability analysis and mitigation

Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration) affects supported versions 12.2.3-12.2.12. This vulnerability was disclosed in July 2023 and allows unauthenticated attackers with network access via HTTP to potentially compromise Oracle Applications Technology (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The scoring indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires user interaction (UI:R), has unchanged scope (S:U), and can only impact integrity (I:L) with no effect on confidentiality or availability (Oracle Advisory).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology accessible data. The impact is limited to data integrity, with no confidentiality or availability impacts reported (Oracle Advisory).

Oracle has released patches to address this vulnerability as part of the July 2023 Critical Patch Update. Organizations running affected versions (12.2.3-12.2.12) of Oracle E-Business Suite should apply the security patches without delay (Oracle Advisory).