Oracle Security Alerts CVE-2025-61882

This Security Alert addresses vulnerability CVE-2025-61882 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution.

Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible. Oracle always recommends that customers remain on actively-supported versions and apply all Security Alerts and Critical Patch Update security patches without delay. Note that the October 2023 Critical Patch Update is a prerequisite for application of the updates in this Security Alert.

Indicators of compromise (IP addresses, observed commands, and files) to support immediate detection, hunting, and containment are detailed below the risk matrix.

Security vulnerabilities addressed by this Security Alert affect the products listed below.

Please click on the links in the Patch Availability Document column below to access the documentation for patch availability information and installation instructions.

Patches released through the Security Alert program are provided only for product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. Oracle recommends that customers plan product upgrades to ensure that patches released through the Security Alert program are available for the versions they are currently running.

Product releases that are not under Premier Support or Extended Support are not tested for the presence of vulnerabilities addressed by this Security Alert. However, it is likely that earlier versions of affected releases are also affected by these vulnerabilities. As a result, Oracle recommends that customers upgrade to supported versions.

Risk matrices list only security vulnerabilities that are newly addressed by the patches associated with this advisory. Risk matrices for previous security patches can be found in previous Critical Patch Update advisories and Alerts. An English text version of the risk matrices provided in this document is here.

Security vulnerabilities are scored using CVSS version 3.1 (see Oracle CVSS Scoring for an explanation of how Oracle applies CVSS version 3.1).

Oracle conducts an analysis of each security vulnerability addressed by a Security Alert. Oracle does not disclose detailed information about this security analysis to customers, but the resulting Risk Matrix and associated documentation provide information about conditions required to exploit the vulnerability and the potential impact of a successful exploit. Oracle provides this information so that customers may conduct their own risk analysis based on the particulars of their product usage. For more information, see Oracle vulnerability disclosure policies.

The protocol in the risk matrix implies that all of its secure variants are affected as well. For example, if HTTP is listed as an affected protocol, it implies that HTTPS is also affected. The secure variant of a protocol is listed in the risk matrix only if it is the only variant affected.

The following people or organizations reported security vulnerabilities addressed by this Security Alert to Oracle: None credited in this Security Alert.

This Security Alert contains 1 new security patch for Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here.