XML External Entity Vulnerability in Oracle E-Business Suite
CVE-2016-0456

Currently unrated

Key Information:

Vendor: Oracle
CVE Published: 21 January 2016

Summary

An unspecified vulnerability in the Application Management Pack for E-Business Suite component in Oracle E-Business Suite versions 12.1 and 12.2 exposes the system to XML External Entity (XXE) attacks. Attackers could exploit this vulnerability via crafted DTDs in XML requests directed at the OA_HTML/copxmllcmservicecontroller.js endpoint, leading to unauthorized access to sensitive files, denial of service conditions, or even server-side request forgery (SSRF) attacks. This vulnerability has raised concerns regarding the confidentiality and integrity of information processed by affected systems.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
