Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5446

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2008-5446
Last Modified 22 Oct 2012 10:56:46
Published 13 Jan 2009 09:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-5446

Summary

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.

Vulnerable Systems

Application

  • Oracle E-business Suite 11.5

  • Oracle E-business Suite 12 12.0.6


References

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

VUPEN - ADV-2009-0115

SECTRACK - 1021568

BID - 33177

BUGTRAQ - 20090118 Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability

SECUNIA - 33525

MISC - http://secniche.org/papers/orabs.pdf

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html


Last Updated: 27 May 2016 11:01:06