Oracle.Business.Intelligence.XML.Publisher.XXE
Description
This indicates an attack attempt to exploit an External Entity Injection Vulnerability in Oracle Business Intelligence Publisher.
The vulnerability is due to an error in the application when handling a crafted XML file. A remote, unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could lead to the disclosure of file contents for any file readable by the target service.
Affected Products
Oracle Business Intelligence Publisher 11.1.1.9.0
Oracle Business Intelligence Publisher 12.2.1.3.0
Oracle Business Intelligence Publisher 12.2.1.4.0
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.oracle.com/security-alerts/cpuapr2019.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |