ReportTemplateService service in Oracle Business Intelligence has an XXE vulnerability. This vulnerability allows an attacker to send crafted requests to a web application for extraction of secrets from the file system, server-side request forgery or denial-of-service attacks.


Upgrade to the latest version of Oracle Business Intelligence. This issue was fixed in Oracle Critical Patch Update - April 2019


Related Vulnerabilities