CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Oracle » E-business Suite : Security Vulnerabilities (CVSS score between 4 and 4.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-2396 2013-04-17 2013-04-18
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via vectors related to HTML OAM client.
2 CVE-2013-1528 2013-04-17 2013-04-17
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle HRMS component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Payroll.
3 CVE-2013-1524 2013-04-17 2013-04-17
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Attachments.
4 CVE-2013-1501 2013-04-17 2013-04-17
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Login.
5 CVE-2013-0380 2013-01-16 2013-01-17
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to View Payslip.
6 CVE-2013-0377 2013-01-16 2013-01-17
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Client System Analyzer.
7 CVE-2013-0376 2013-01-16 2013-01-17
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Diagnostics.
8 CVE-2012-5058 2012-10-17 2012-10-17
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to the Web interface.
9 CVE-2012-3139 2012-10-16 2012-10-18
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon (local and SSO).
10 CVE-2012-3138 2012-10-16 2012-10-22
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Web interface.
11 CVE-2012-1730 2012-07-17 2012-11-06
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Password Management.
12 CVE-2012-1715 2012-07-17 2012-11-06
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages.
13 CVE-2012-0078 2012-01-18 2012-01-30
4.0
 None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services (Menu, LOV).
14 CVE-2012-0073 2012-01-18 2012-01-30
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.
15 CVE-2011-3513 2011-10-18 2012-11-06
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages.
16 CVE-2011-2308 2011-10-18 2012-01-13
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Online Help.
17 CVE-2011-2302 2011-10-18 2012-01-13
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Single Sign On.
18 CVE-2011-2246 2011-07-20 2011-10-04
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Financials.
19 CVE-2011-0809 2011-04-19 2011-04-20
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Web ADI component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.
20 CVE-2011-0791 2011-04-19 2011-04-20
4.3
 None Remote Medium Not required Partial None None
Unspecified vulnerability in the Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Data Export.
21 CVE-2010-3589 2011-01-19 2011-01-26
4.0
 None Remote High Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Logout.
22 CVE-2010-3587 2011-01-19 2011-01-26
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Common Applications component in Oracle Applications 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to User Management.
23 CVE-2010-3504 2010-10-13 2010-11-11
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.
24 CVE-2010-2418 2010-10-13 2010-11-11
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Territory Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.
25 CVE-2010-2416 2010-10-13 2010-11-11
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.
26 CVE-2010-2408 2010-10-13 2010-11-11
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.
27 CVE-2010-0913 2010-07-13 2012-10-22
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.
28 CVE-2010-0912 2010-07-13 2012-10-22
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.
29 CVE-2010-0905 2010-07-13 2012-10-22
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote attackers to affect integrity via unknown vectors.
30 CVE-2010-0871 2010-04-13 2012-10-22
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors.
31 CVE-2010-0869 2010-04-13 2012-10-22
4.3
 None Remote Medium Not required Partial None None
Unspecified vulnerability in the Oracle Transportation Management component in Oracle E-Business Suite 5.5.05.07, 5.5.06.00, and 6.0.03 allows remote attackers to affect confidentiality via unknown vectors.
32 CVE-2010-0865 2010-04-13 2012-10-22
4.3
 None Remote Medium Not required Partial None None
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle E-Business Suite 6.1.1.0 allows remote attackers to affect confidentiality via unknown vectors.
33 CVE-2009-3416 2010-01-12 2012-10-22
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors.
34 CVE-2009-3397 2009-10-22 2012-10-22
4.3
 None Remote Medium Not required Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.
35 CVE-2009-3393 2009-10-22 2012-10-22
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.
36 CVE-2009-1984 2009-07-14 2012-10-22
4.4
 None Local Medium Not required Partial Partial Partial
Unspecified vulnerability in the Application Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Patch Administrator.
37 CVE-2009-1983 2009-07-14 2012-10-22
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote attackers to affect integrity via unknown vectors.
38 CVE-2009-1982 2009-07-14 2012-10-22
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.6 allows remote attackers to affect integrity via unknown vectors.
39 CVE-2009-0995 2009-04-15 2012-10-22
4.3
 None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 allows remote attackers to affect integrity via unknown vectors.
40 CVE-2008-3998 2008-10-14 2012-10-22
4.9
 None Remote Medium Single system Partial Partial None
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
41 CVE-2008-2586 2008-07-15 2012-10-22
4.0
 None Remote Low Single system Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors.
42 CVE-2007-0291 2007-01-16 2012-10-22
4.0
 None Remote Low Single system Partial None None
Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.
43 CVE-2004-1367 200 +Info 2004-08-04 2008-09-05
4.4
 User Local Medium Not required Partial Partial Partial
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
44 CVE-2004-1366 255 +Priv 2004-08-04 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
45 CVE-2004-1365 Exec Code 2004-08-04 2008-09-05
4.6
 User Local Low Not required Partial Partial Partial
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
Total number of vulnerabilities : 45   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.