Description
Adfresource servlet of Oracle Business Intelligence has a path traversal vulnerability. An attacker can craft a request that accesses potentially sensitive information on the server, which may lead to takeover of the server.
Remediation
Upgrade to the latest version of Oracle Business Intelligence. This issue was fixed in Oracle Critical Patch Update - April 2019
References
Related Vulnerabilities
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7853)
Lighttpd Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1270)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.4)
SAP Portal directory traversal vulnerability
PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15080)