CVE-2009-1000 — Oracle E-business Suite vulnerability

CWE-25519 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle E-business Suite

Timeline

PublishedApr 15

Latest updateMay 2

Description

The Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 uses default passwords for unspecified "FND Applications Users (not DB users)," which has unknown impact and attack vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/e-business_suite11i10cu2, 12.0.6+1

🔴Vulnerability Details

GHSA

GHSA-jjhw-cf9v-3wq5: The Oracle Applications Framework component in Oracle E-Business Suite 12↗2022-05-02

▶

CVEList

CVE-2009-1000: The Oracle Applications Framework component in Oracle E-Business Suite 12↗2009-04-15

▶

💥Exploits & PoCs

Exploit-DB

Easy RM to MP3 Converter 2.7.3.700 - '.m3u' File (Universal ASLR + DEP Bypass)↗2016-06-13

▶

Exploit-DB

Accellion File Transfer - 'Appliance web_client_user_guide.html?lang' Traversal Arbitrary File Access↗2010-02-10

▶

Exploit-DB

Adobe Illustrator CS4 14.0.0 - eps Universal Buffer Overflow (Metasploit)↗2009-12-07

▶

Exploit-DB

PointDev IDEAL Administration 2009 9.7 - Local Buffer Overflow (Metasploit)↗2009-12-06

▶

Exploit-DB

Linux Kernel 2.6.32 - 'pipe.c' Local Privilege Escalation (4)↗2009-11-12

▶

💬Community

Bugzilla

CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass [epel-5]↗2011-04-06

▶

Bugzilla

CVE-2009-3547 kernel: fs: pipe.c null pointer dereference↗2009-10-23

▶