Oracle Business Transaction Management Server version 12.1.0.2.7 suffers from a remote code execution vulnerability in the FlashTunnelService WriteToFile message. Proof of concept included.
acb8d1760f5f38380a8cfd44a94ad8e001b2abf766fc39b9cc5f2f92f8d61758