CVE-2015-4886XML External Entity (XXE) Injection in Oracle E-business Suite

3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.6%
top 31.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle E-business Suite
Timeline
PublishedOct 21
Latest updateMay 14

Description

Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Reports Security. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of servi

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDoracle/e-business_suite5 versions+4

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-cq6j-72jp-jf63: Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 112022-05-14
CVEList
CVE-2015-4886: Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 112015-10-21
CVE-2015-4886 — XML External Entity (XXE) Injection | cvebase