XML External Entity Vulnerability in Oracle E-Business Suite
CVE-2016-0456
Currently unrated
Summary
An unspecified vulnerability in the Application Management Pack for E-Business Suite component of Oracle E-Business Suite versions 12.1 and 12.2 exposes affected systems to XML External Entity (XXE) attacks. Attackers could exploit it by sending crafted DTDs in XML requests to the OA_HTML/copxmllcmservicecontroller.js endpoint, leading to unauthorized access to sensitive files, denial of service, or server-side request forgery (SSRF). The vulnerability has raised concerns about the confidentiality and integrity of information processed by affected systems.