Description
ReportTemplateService service in Oracle Business Intelligence has an XXE vulnerability. This vulnerability allows an attacker to send crafted requests to a web application for extraction of secrets from the file system, server-side request forgery or denial-of-service attacks.
Remediation
Upgrade to the latest version of Oracle Business Intelligence. This issue was fixed in Oracle Critical Patch Update - July 2021