Oracle Reports rwservlet vulnerabilities

Description
  • netinfiltration reported various high severity vulnerabilities (and exploits) affecting Oracle Reports. These vulnerabilities allow an attacker to dump the database passwords, view folder contents, download files, load a phishing page in the browser and even gain a remote shell.
Remediation
  • Currently, Oracle didn't provided any fix for these vulnerabilities.
References