SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describe Information Disclosure found in Oracle Knowledge Management version 8.5.1.

By enabling searches across a wide variety of sources, Oracle’s InQuira knowledge management products offer simple and convenient ways for users to access knowledge that was once hidden in the myriad systems, applications, and databases used to store enterprise content.

Oracle’s products for knowledge management help users find useful knowledge contained in corporate information stores.

Credit
An independent security researcher, Steven Seeley, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
Oracle has released patches to address this vulnerability, for more details see: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html.

Continue reading SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE