Description
netinfiltration reported various high-severity vulnerabilities (and exploits) affecting Oracle Reports. These vulnerabilities allow an attacker to dump the database passwords, view folder contents, download files, load a phishing page in the browser, and even gain a remote shell.
Remediation
Currently, Oracle has not provided any fix for these vulnerabilities.