Unspecified Vulnerability in Oracle Application Testing Suite Affecting Oracle Enterprise Manager
CVE-2016-0480

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Testing Suite
Vendor: CVE Published:; 21 January 2016

Summary

An unspecified vulnerability in the Oracle Application Testing Suite within Oracle Enterprise Manager Grid Control allows remote attackers to affect the confidentiality of the system. This issue may be related to a directory traversal vulnerability in the DownloadServlet which could permit remote attackers to read arbitrary files by exploiting the TMAPReportImage parameter using directory traversal sequences. This unauthenticated access raises concerns about potential data exposure.

References

http://www.oracle.com/technetwork/topics/security/cpujan2...

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-16-043

x_refsource_MISC

http://www.securitytracker.com/id/1034734

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 21, 2016
Vulnerability Reserved
Dec 9, 2015