This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Beehive. Authentication is not required to exploit this vulnerability. The specific flaw exists within the voice-servletβs playAudioFile.jsp. The method prepareAudioToPlay contains vulnerable parameters allowing for an attacker to write arbitrary content to the web application. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.