Description
Oracle Reports, a component of Oracle Fusion Middleware is Oracle's award-winning, high-fidelity enterprise reporting tool. Oracle Reports Services RWServlet showenv is publicly accessible, exposing the contents of the system environment variables.
Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer. For example, an environment variable with a standard name can designate the location that a particular computer system uses to store temporary files but this may vary from one computer system to another.
Remediation
Restrict access to this endpoint.
References
Related Vulnerabilities
PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-46158)
WordPress Plugin JM Twitter Cards Information Disclosure (6.1)
Tiki Wiki CMS: Remote Code Execution via Calendar Module
WordPress Plugin WP REST API (WP API) Information Disclosure (1.2)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-29450)