Description

Oracle Reports, a component of Oracle Fusion Middleware is Oracle's award-winning, high-fidelity enterprise reporting tool. Oracle Reports Services RWServlet showenv is publicly accessible, exposing the contents of the system environment variables.

Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer. For example, an environment variable with a standard name can designate the location that a particular computer system uses to store temporary files but this may vary from one computer system to another.

Remediation

Restrict access to this endpoint.

References

Environment variable

Related Vulnerabilities

Unrestricted access to NGINX+ Dashboard

WordPress Plugin WP Import Export Lite Information Disclosure (3.9.15)

Server-based source code disclosures

Sensitive pages could be cached

GoCD information disclosure (CVE-2021-43287)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Acumonitor