CVE-2023-22093: 
Oracle E-Business Suite vulnerability analysis and mitigation

Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy) affects supported versions 12.2.3-12.2.12. This is an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle iRecruitment (Oracle CPU Oct 2023).

The vulnerability has a CVSS 3.1 Base Score of 6.5, indicating Medium severity, with impacts on Confidentiality and Integrity. The CVSS Vector is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N), which indicates Network attack vector, Low attack complexity, No privileges required, No user interaction needed, Unchanged scope, and Low impact on both Confidentiality and Integrity with No impact on Availability (Oracle CPU Oct 2023).

Successful exploitation can result in unauthorized update, insert or delete access to some of Oracle iRecruitment accessible data as well as unauthorized read access to a subset of Oracle iRecruitment accessible data (Oracle CPU Oct 2023).

Oracle has released patches as part of the October 2023 Critical Patch Update. Organizations should apply the security patches as soon as possible to affected Oracle E-Business Suite versions 12.2.3-12.2.12 (Oracle CPU Oct 2023).