4 matches found
[ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: ERPSCAN-15-030 Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
CVE-2015-4851
Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. NOTE: the previous information is from the October 2015...
CVE-2015-4851
CVE-2015-4851 affects Oracle E-Business Suite iSupplier Portal (e.g., 12.1.3) with XML input handling vulnerability leading to possible XML External Entity (XXE) conditions. Public sources (ERPScan advisory ERPSCAN-15-030 and related vulnerability listings) describe an XXE injection vector that c...
Oracle E-Business Suite - XXE injection vulnerability
Application: E-Business Suite Vendor URL: Oracle Bugs: XXE injection Reported: 17.07.2015 Vendor response: 24.07.2015 Date of Public Advisory:20.10.2015 Reference: Oracle CPU Oct 2015 Authors: Nikita Kelesis, Ivan Chalykin, Alexey Tyurin ERPScan VULNERABILITY INFORMATION Class: XML External Entit...