Oracle Application Server vulnerabilities

CVE-2009-0996 [MEDIUM] CVE-2009-0996: Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10. Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors.

CVE-2009-1008 [MEDIUM] CVE-2009-1008: Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010.

CVE-2009-0974 [MEDIUM] CVE-2009-0974: Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0983 and CVE-2009-3407.

CVE-2009-0983 [MEDIUM] CVE-2009-0983: Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-3407.

CVE-2009-1011 [MEDIUM] CVE-2009-1011: Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple inte

CVE-2009-1017 [MEDIUM] CVE-2009-1017: Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2 Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994.

CVE-2009-0990 [MEDIUM] CVE-2009-0990: Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2 Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0989.

CVE-2009-1009 [MEDIUM] CVE-2009-1009: Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.

CVE-2008-4017 [MEDIUM] CVE-2008-4017: Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors.

CVE-2008-5438 [MEDIUM] CVE-2008-5438: Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 1 Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.

CVE-2008-4014 [MEDIUM] CVE-2008-4014: Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVE-2008-3977 [MEDIUM] CVE-2008-3977: Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10 Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3975.

CVE-2008-3975 [MEDIUM] CVE-2008-3975: Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10 Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3977.

CVE-2008-3986 [LOW] CVE-2008-3986: Unspecified vulnerability in the Oracle Discoverer Administrator component in Oracle Application Ser Unspecified vulnerability in the Oracle Discoverer Administrator component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows local users to affect confidentiality via unknown vectors.

CVE-2008-3987 [LOW] CVE-2008-3987: Unspecified vulnerability in the Oracle Discoverer Desktop component in Oracle Application Server 10 Unspecified vulnerability in the Oracle Discoverer Desktop component in Oracle Application Server 10.1.2.3 allows local users to affect confidentiality via unknown vectors.

CVE-2008-2619 [LOW] CVE-2008-2619: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0 Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors.

CVE-2008-2589 [MEDIUM] CVE-2008-2589: Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1. Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_

CVE-2008-2609 [MEDIUM] CVE-2008-2609: Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1. Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors.

CVE-2008-2593 [MEDIUM] CVE-2008-2593: Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 1 Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594.

CVE-2008-2614 [MEDIUM] CVE-2008-2614: Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 9.0.4.3, Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.3.3 has unknown impact and remote attack vectors.