Oracle Retail Integration Bus versions 13.0, 13.1, and 13.2 suffer from a directory traversal vulnerability. Unfortunately, as usual, the NCC group are withholding any details for three months.
6f8a1120d684841ffb90bdd49168f11bb340737bbffc7f5797135391c8ec0273