Vulnerability Description The XML Parser module in Oracle Database is vulnerable to XML External Entity (XXE) Injection. Affected versions: 11.2.0.3, 11.2.0.4, 12.1.0.1 and 12.1.0.2 Privilege required: CREATE SESSION Technical Details Due to the security features in Oracle’s XML parser, the external schema is resolved, but not parsed. This prevents certain XXE injection attacks, such as reading … Continue reading Advisory: XXE Injection in Oracle Database (CVE-2014-6577)