Intrusion Prevention



This indicates an attack attempt against an Arbitrary File Upload vulnerability in Oracle E-Business Suite.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted file upload request. A remote attacker can exploit this to execute arbitrary code within context of the affected application via a crafted file upload request

Affected Products

Oracle E-Business Suite version 12.2.4 and prior version


System Compromise: Remote attackers can execute arbitrary code in the context of the affected user

Recommended Actions

Apply the most recent upgrade or patch from the vendor.

CVE References


Other References