CVE-2015-4851XML External Entity (XXE) Injection in Oracle E-business Suite

3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
1.4%
top 19.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle E-business Suite
Timeline
PublishedOct 21
Latest updateMay 14

Description

Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, or co

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDoracle/e-business_suite4 versions+3

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-2j2g-cp36-w2mh: Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 122022-05-14
CVEList
CVE-2015-4851: Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 122015-10-21
CVE-2015-4851 — XML External Entity (XXE) Injection | cvebase