Vulnerability Note VU#168873
Oracle E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication
A vulnerability in Oracle's E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication.
A vulnerability exists in the Oracle E-Business Suite Report Review Agent (RRA). This vulnerability may allow a remote attacker to retrieve arbitrary information from Oracle Applications Concurrent Manager servers prior to authentication. For more information, please see the following documents:
A remote attacker may be able to retrieve arbitrary information from Oracle Applications Concurrent Manager servers prior to authentication.
Apply a vendor supplied patch.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Oracle Corporation||Affected||-||14 Apr 2003|
CVSS Metrics (Learn More)
This vulnerability was discovered by Stephen Kost of Integrigy Corporation.
This document was written by Ian A Finlay.
- CVE IDs: Unknown
- Date Public: 10 Apr 2003
- Date First Published: 14 Apr 2003
- Date Last Updated: 14 Apr 2003
- Severity Metric: 9.38
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.