[ERPSCAN-15-030] Oracle E-Business Suite – XXE injection Vulnerability

October 30, 2015 007admin Leave a comment

Posted by ERPScan inc on Oct 30

1. ADVISORY INFORMATION

Title: Oracle E-Business Suite XXE injection
Advisory ID: [ERPSCAN-15-030]
Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/
Date published: 20.10.2015
Vendors contacted: Oracle

2. VULNERABILITY INFORMATION

Class: XML External Entity [CWE-611]
Impact: information disclosure, DoS, SSRF, NTLM relay
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name:…

007 Software

[ERPSCAN-15-030] Oracle E-Business Suite – XXE injection Vulnerability

Leave a Reply Cancel reply

Software and Security Information