Description

Adfresource servlet of Oracle Business Intelligence has a path traversal vulnerability. An attacker can craft a request that accesses potentially sensitive information on the server, which may lead to takeover of the server.

Remediation

Upgrade to the latest version of Oracle Business Intelligence. This issue was fixed in Oracle Critical Patch Update - April 2019

References

Oracle Critical Patch Update Advisory - April 2019

Related Vulnerabilities

WordPress Plugin Count per Day Information Disclosure (3.2.5)

WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)

Liferay DXP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-42132)

Drupal Core 9.2.x Directory Traversal (9.2.0 - 9.2.1)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3946)

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal