Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/oramipp_lpr servlet.
de8ff071f7c958b91bd1cfd996007fd7b0ecb3dec217f9ae5e66e3d96ad27826
Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/IspPunchInServlet servlet.
6fb7e76643fd36ba0f6358346bf6ca64dbdedb6d5bcb98f6fd505aead1f86292
Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/copxml servlet.
64f773023ff0e889e6870ab0b5f1dc0367b44615f3ae94952e1f839c93009706
Oracle E-Business Suite suffers from a cross site scripting vulnerability. Version 12.1.4 is affected.
330164019ca36985ae57a2a7d3254a6caf05cc6e3de339d6d2d0609cb18a4c10
Oracle E-Business Suite suffers from a remote SQL injection vulnerability. Versions 12.1.3 and 12.1.4 are affected.
bed7d6cdc8769e52a8aa6079d2197b1a4a13e686111b6e01d1e0c62a2b41c50d
There is a script in EBS that is used to connect to the database and displays the connection status. Different connection results can help an attacker to find existing database accounts. Version 12.2.4 is affected.
1aa0dba66e594f4a17c1c25ee299403e80adb017253f58e948040cbe8038ad7f