CVE-2023-22076: 
Oracle E-Business Suite vulnerability analysis and mitigation

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). The vulnerability affects supported versions from 12.2.3 to 12.2.12. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle Applications Framework (Oracle CPU Oct 2023).

The vulnerability requires human interaction from a person other than the attacker, and while the vulnerability exists in Oracle Applications Framework, attacks may significantly impact additional products through scope change. The vulnerability has been assigned a CVSS 3.1 Base Score of 6.1, indicating medium severity, with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (Oracle CPU Oct 2023).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data (Oracle CPU Oct 2023).

Oracle has released security patches to address this vulnerability as part of the October 2023 Critical Patch Update. Oracle strongly recommends that customers apply the security patches as soon as possible (Oracle CPU Oct 2023).