Description
Due to insecure handling of XML DTD, Oracle EBS lcmServiceController script allows remote attackers to interact with internal network resources via Blind Server Side Request Forgery (SSRF).
Remediation
Upgrade to the latest version of Oracle E-Business Suite