CVE-2015-4846SQL Injection in Oracle E-business Suite

3 documents3 sources
Severity
3.6LOWNVD
EPSS
0.3%
top 45.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle E-business Suite
Timeline
PublishedOct 21
Latest updateMay 14

Description

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality and integrity via vectors related to SQL Extensions. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is a SQL injection vulnerability, which allows remote authenticated users to execute arbitrary SQL commands via a reque

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 3.9 | Impact: 4.9

Affected Packages1 packages

NVDoracle/e-business_suite5 versions+4

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-m5j9-pmc8-r73h: Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 112022-05-14
CVEList
CVE-2015-4846: Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 112015-10-21
CVE-2015-4846 — SQL Injection in Oracle | cvebase