A server side request forgery present in getKeyInfoData function of oracle.security.xmlsec.keys.RetrievalMethod and a deserialization vulnerability present in the ADF Faces framework allows a unauthenticated attacker with network access via HTTP to execute system commands.
CVE Link
Exploit Type
Product Name