We are pleased to announce an enhancement to Oracle E-Business Suite security whereby the SameSite cookie attribute setting is now available for EBS 12.2 and EBS 12.1.3. Setting the SameSite cookie attribute provides additional protection against cross-site request forgery (CSRF). We highly recommend that you apply the required patches and enable the SameSite cookie attribute for Oracle E-Business Suite.

When enabling the SameSite cookie attribute, be certain to test integrations that are deployed to a domain that is different from the EBS domain. A few examples of integrations that may have a different domain include iProcurement punchout or single sign-on integration with Oracle Access Manager or Identity Cloud Service.
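To make the testing advice concrete, here is an added example (not Oracle's code) that reads `Set-Cookie` headers and predicts whether a browser would attach each cookie when a request comes back from another site. The cookie names and headers are constructed, and it assumes that an integration returns either as a cross-site top-level POST or as a GET redirect, and that a cookie with no attribute is treated as Lax (Chrome's short-lived Lax+POST allowance is ignored).

```python
# Constructed Set-Cookie values for illustration; not captured from an EBS instance.
SAMPLE_HEADERS = [
    "SESSIONA=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "SESSIONB=def456; Path=/; HttpOnly; SameSite=None",
    "SESSIONC=ghi789; Path=/; Secure; HttpOnly; SameSite=Strict",
    "SESSIOND=jkl012; Path=/; Secure; HttpOnly",
    "SESSIONE=mno345; Path=/; Secure; HttpOnly; SameSite=None",
]
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def parse_set_cookie(header):
    """Return (name, samesite, secure) from one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    samesite, secure = None, False
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key = key.strip().lower()
        if key == "samesite":
            samesite = value.strip().capitalize()  # "Lax", "Strict" or "None"
        elif key == "secure":
            secure = True
    return name, samesite, secure

def sent_cross_site(samesite, secure, method, top_level):
    """Would a browser attach the cookie to a request initiated from another site?"""
    if samesite == "Strict":
        return False
    if samesite == "None":
        return secure  # SameSite=None without Secure is rejected by browsers
    # Lax, or attribute absent (assumed to default to Lax)
    return top_level and method in SAFE_METHODS

def audit(headers):
    """Map cookie name to its behaviour on a cross-site POST return and GET redirect."""
    report = {}
    for header in headers:
        name, samesite, secure = parse_set_cookie(header)
        report[name] = {
            "samesite": samesite,
            "post_return": sent_cross_site(samesite, secure, "POST", True),
            "get_redirect": sent_cross_site(samesite, secure, "GET", True),
        }
    return report

if __name__ == "__main__":
    for cookie, row in audit(SAMPLE_HEADERS).items():
        print(cookie, row)
```

A cookie that shows `post_return: False` is the one to watch when an integration posts back to the application from a different domain.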

For Oracle E-Business Suite Release 12.2, Patch 29672027:R12.TXK.C delivers context file parameters to enable and configure the SameSite cookie attribute. For the latest requirement and configuration details, refer to the following:

For Oracle E-Business Suite Release 12.1.3, Patch 30185574:R12.FND.B delivers a profile to enable and configure the SameSite cookie attribute. For the latest requirement and configuration details, refer to the following:
