Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5446


Vulnerability Score 3.5 3.5
CVE Id CVE-2008-5446
Last Modified 22 Oct 2012 10:56:46
Published 13 Jan 2009 09:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE



Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.

Vulnerable Systems


  • Oracle E-business Suite 11.5

  • Oracle E-business Suite 12 12.0.6



VUPEN - ADV-2009-0115

SECTRACK - 1021568

BID - 33177

BUGTRAQ - 20090118 Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability

SECUNIA - 33525



Last Updated: 27 May 2016 11:01:06