A vulnerability in Oracle's E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication.
A vulnerability exists in the Oracle E-Business Suite Report Review Agent (RRA). This vulnerability may allow a remote attacker to retrieve arbitrary information from Oracle Applications Concurrent Manager servers prior to authentication. For more information, please see the following documents:
A remote attacker may be able to retrieve arbitrary information from Oracle Applications Concurrent Manager servers prior to authentication.
Apply a vendor supplied patch.
This vulnerability was discovered by Stephen Kost of Integrigy Corporation.
This document was written by Ian A Finlay.
|Date First Published:||2003-04-14|
|Date Last Updated:||2003-04-14 16:54 UTC|