Oracle E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication

2003-04-14T00:00:00
ID VU:168873
Type cert
Reporter CERT
Modified 2003-04-14T00:00:00

Description

Overview

A vulnerability in Oracle's E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication.

Description

A vulnerability exists in the Oracle E-Business Suite Report Review Agent (RRA). This vulnerability may allow a remote attacker to retrieve arbitrary information from Oracle Applications Concurrent Manager servers prior to authentication. For more information, please see the following documents:


Impact

A remote attacker may be able to retrieve arbitrary information from Oracle Applications Concurrent Manager servers prior to authentication.


Solution

Apply a vendor supplied patch.


Mitigation