VULHUB ™

Oracle E-Business suite RRA/FNDFS server has been reported prone to an arbitrary file disclosure vulnerability. The Oracle FNDFS server is used in usual circumstances, by Oracle utilities, to retrieve and extract report data from Concurrent Manager server. It has been reported that FNDFS may be used by an attacker to reveal the contents of arbitrary files located on the Concurrent Manager server that are readable by 'oracle' or 'applmgr' user accounts. Sensitive information obtained in this manner may be used in further attacks launched against the vulnerable system.

Oracle E-Business suite RRA/FNDFS server has been reported prone to an arbitrary file disclosure vulnerability. The Oracle FNDFS server is used in usual circumstances, by Oracle utilities, to retrieve and extract report data from Concurrent Manager server. It has been reported that FNDFS may be used by an attacker to reveal the contents of arbitrary files located on the Concurrent Manager server that are readable by 'oracle' or 'applmgr' user accounts. Sensitive information obtained in this manner may be used in further attacks launched against the vulnerable system.