17 Sep 2012
Oracle Business Transaction Management (BTM) 12.x
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
A vulnerability has been reported in Oracle Business Transaction Management, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "writeToFile()" method in the FlashTunnelService SOAP interface is not properly verified before being used to store files. This can be exploited to upload arbitrary files via directory traversal sequences.
The vulnerability is reported in version 184.108.40.206. Other versions may also be affected.
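The missing verification described above, shown as an added example (not Oracle's code and not a patch for the product). The storage root, file names and function names are constructed for illustration: `naive_target` joins a client-supplied name without checking it, while `resolve_inside` canonicalizes the path and rejects anything outside the storage root.

```python
import os
import tempfile

class PathTraversalError(ValueError):
    """Raised when a client-supplied file name resolves outside the storage root."""

def naive_target(base_dir, file_name):
    # Unverified join, the pattern the advisory describes: "../" segments and
    # absolute names are honoured, so the result can leave base_dir.
    return os.path.normpath(os.path.join(base_dir, file_name))

def resolve_inside(base_dir, file_name):
    """Return the real path for file_name, or raise if it escapes base_dir."""
    if not file_name or "\x00" in file_name:
        raise PathTraversalError("empty name or NUL byte")
    # Treat backslashes as separators too, so "..\\" is caught on any platform.
    name = file_name.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        raise PathTraversalError("absolute path supplied")
    root = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the containment test.
    target = os.path.realpath(os.path.join(root, name))
    if target == root or os.path.commonpath([root, target]) != root:
        raise PathTraversalError("resolves outside storage root")
    return target

def write_to_file(base_dir, file_name, data):
    """Hardened stand-in for a file-storing handler: validate, then write."""
    target = resolve_inside(base_dir, file_name)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target

if __name__ == "__main__":
    # Constructed sample names; the storage root is a throwaway temp directory.
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "uploads")
        os.makedirs(root)
        for name in ("report.txt", "sub/ok.bin", "../../escaped.txt", "..\\..\\escaped.txt"):
            try:
                print("accepted", write_to_file(root, name, b"x"))
            except PathTraversalError as exc:
                print("rejected", repr(name), "-", exc)
```

The containment test runs on the canonical path rather than on the raw string, so encoded or mixed-separator variants that survive request parsing are still rejected once they resolve outside the root.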
No official solution is currently available.
Andrea Micalizzi aka rgod.