Oracle Business Intelligence Adfresource Path traversal CVE-2019-2588

Description

Adfresource servlet of Oracle Business Intelligence has a path traversal vulnerability. An attacker can craft a request that accesses potentially sensitive information on the server, which may lead to takeover of the server.

Remediation

Upgrade to the latest version of Oracle Business Intelligence. This issue was fixed in Oracle Critical Patch Update - April 2019

References

Oracle Critical Patch Update Advisory - April 2019

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-26278)

XOOPS Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-0613)

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2007-5461)

Oracle Database Server CVE-2008-1814 Vulnerability (CVE-2008-1814)

Oracle JRE CVE-2013-5852 Vulnerability (CVE-2013-5852)

Severity

High

Classification

CVE-2019-2588 CWE-200 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N