XML External Entity Vulnerability in Oracle E-Business Suite
CVE-2016-0457

Currently unrated

Key Information:

Vendor: Oracle
Status: E-business Suite
Vendor: CVE Published:; 21 January 2016

What is CVE-2016-0457?

A vulnerability exists in the Application Mgmt Pack for E-Business Suite that permits remote attackers to compromise data confidentiality through the REST Framework. This vulnerability may allow unauthorized remote access to sensitive information by exploiting crafted XML requests, which can lead to arbitrary file reading and potential denial of service. The implications of this vulnerability include risks associated with server-side request forgery and SMB Relay attacks, highlighting the need for timely remediation.

References

http://www.oracle.com/technetwork/topics/security/cpujan2...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1034726

vdb-entryx_refsource_SECTRACK

https://erpscan.io/advisories/erpscan-16-007-oracle-e-bus...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2016
Vulnerability Reserved
Dec 9, 2015