Description

Oracle E-Business Suite iStore allows registering a new user. Therefore, an attacker may interact with the system as an authenticated user.

Remediation

It's recommended to turn off user registration

References

CVE-2022-21500 and Your Oracle E-Business Suite

Related Vulnerabilities

WordPress Plugin ThemeGrill Demo Importer Security Bypass (1.6.1)

WordPress Plugin iThemes Security (formerly Better WP Security) Security Bypass (5.3.0)

HTTP header reflected in cached response

WordPress Plugin WordPress Robots.txt optimization (+ XML Sitemap)-Website traffic, SEO & ranking Booster Security Bypass (1.2.5.1)

WordPress Plugin Spectra-WordPress Gutenberg Blocks Multiple Security Bypass Vulnerabilities (2.3.0)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Authentication Bypass Information Disclosure