This Security Alert addresses vulnerability CVE-2022-21500, which affects some deployments of Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in the exposure of personally identifiable information (PII).
Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
Oracle SaaS cloud environments are not affected by this vulnerability. This vulnerability could affect the E-Business Suite deployments of Oracle Managed Cloud Services customers. Oracle Managed Cloud Services customers should consult their account team for assistance.