Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5766

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5766
Last Modified 22 Oct 2012 10:37:20
Published 08 Nov 2007 03:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5766

Summary

SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure.

Vulnerable Systems

Application

  • Oracle E-business Suite 11i

  • Oracle E-business Suite 12


References

BUGTRAQ - 20071031 ZDI-07-058: Oracle E-Business Suite SQL Injection Vulnerability

MISC - http://www.zerodayinitiative.com/advisories/ZDI-07-058.html

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

OSVDB - 40080

SREASON - 3344

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html


Last Updated: 27 May 2016 11:01:12