Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0457. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or conduct SMB Relay attacks via a crafted DTD in an XML request to OA_HTML/copxmllcmservicecontroller.js.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2016-01-21T02:00:00

Updated: 2024-08-05T22:22:55.315Z

Reserved: 2015-12-09T00:00:00

Link: CVE-2016-0456

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2016-01-21T03:00:05.663

Modified: 2024-11-21T02:41:43.843

Link: CVE-2016-0456

cve-icon Redhat

No data.