Security Advisory SA50996 - Oracle E-Business Suite Multiple Vulnerabilities

Secunia

Blog

Secunia Advisory SA50996

Oracle E-Business Suite Multiple Vulnerabilities

Secunia Advisory

SA50996

Release Date

2012-10-17

Popularity

687 views

Comments

0 comments

Criticality level

Less critical

Impact

Manipulation of data
DoS
Exposure of sensitive information

Where

From remote

Authentication level

This information is available to Secunia VIM customers

Report reliability

This information is available to Secunia VIM customers

Solution Status

Vendor Patch

Systems affected

This information is available to Secunia VIM customers

Approve distribution

This information is available to Secunia VIM customers

Software:

Oracle E-Business Suite 11i

Oracle E-Business Suite 12.x

Secunia CVSS Score

This information is available to Secunia VIM Customers

CVE Reference(s)

Description

Multiple vulnerabilities have been reported in Oracle E-Business Suite, which can be exploited by malicious, local users to disclose potentially sensitive information, by malicious users to manipulate certain data, and by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

1) An unspecified error in the PDF generation component can be exploited to disclose certain data and cause a DoS.

2) An unspecified error in the Autoconfig Templates component can be exploited to disclose certain data.

3) An unspecified error in the Signon (local only) sub-component of the Oracle iRecruitment component can be exploited to cause a DoS.

4) An unspecified error in the Signon (local and SSO) sub-component of the Oracle Application Object Library component can be exploited to manipulate certain data.

5) An unspecified error in the Web interface component can be exploited to manipulate certain data.

6) An unspecified error in the Web interface component can be exploited to manipulate certain data.

7) An unspecified error in the Wireless/WAP upload component can be exploited by authenticated users to manipulate certain data.

8) An unspecified error in the Publish Item component can be exploited by authenticated users to manipulate certain data.

9) An unspecified error in the MDS loading component can be exploited by local users to disclose certain data.

The vulnerabilities are reported in version 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3.

Solution
Apply updates.
Further details available to Secunia VIM customers

Provided and/or discovered by
It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for October 2012 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

Original Advisory
Oracle:
http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html#AppendixEBS

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Oracle E-Business Suite Multiple Vulnerabilities

No posts yet

Secunia Advisory SA50996

Oracle E-Business Suite Multiple Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?