Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Oracle E-Business Suite SSRF (CVE-2018-3167) - Vulnerability Database

Oracle E-Business Suite SSRF (CVE-2018-3167)

Description

Due to insecure handling of XML DTD, Oracle EBS lcmServiceController script allows remote attackers to interact with internal network resources via Blind Server Side Request Forgery (SSRF).

Remediation

Upgrade to the latest version of Oracle E-Business Suite

References

Oracle Critical Patch Update Advisory - October 2018

Related Vulnerabilities

SAP BO BIP SSRF (CVE-2020-6308) Medium
Common tags: Acumonitor SSRF
Oracle Weblogic T3 XXE (CVE-2019-2647) High
Common tags: Acumonitor SSRF
Paperclip gem SSRF (Server side request forgery) High
Common tags: Acumonitor SSRF
Reverse proxy misrouting High
Common tags: Acumonitor SSRF
Unvalidated JWT jku parameter High
Common tags: Acumonitor SSRF

Severity

Medium

Classification

CVE-2018-3167
CWE-918
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Acumonitor
SSRF