|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-12-05 | |
| Rule Name: | Oracle E-Business Suite Local File Inclusion Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Oracle E-Business Suite is a comprehensive enterprise resource planning (ERP) software solution that covers multiple business areas such as finance, supply chain, and human resources. There is a local file inclusion vulnerability in versions 12.2.5 and 12.2.6, which may allow attackers to read, execute, or delete local files, thereby obtaining sensitive information or performing malicious operations on the system. | |
| Impact: | When the file operation function in the application that does not filter the file path effectively, an attacker can import the path of a file which contains malicious code, causing a file inclusion vulnerability and executing malicious code. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |