Oracle E-Business Suite vulnerabilities

CVE-2008-3985 [MEDIUM] CVE-2008-3985: Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.4 allows remote attackers to affect confidentiality via unknown vectors.

CVE-2008-3993 [LOW] CVE-2008-3993: Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2 and 12.0.4 allows remote authenticated users to affect integrity via unknown vectors.

CVE-2008-2619 [LOW] CVE-2008-2619: Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0 Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors.

CVE-2008-2596 [MEDIUM] CVE-2008-2596: Unspecified vulnerability in the Mobile Application Server component in Oracle E-Business Suite 12.0 Unspecified vulnerability in the Mobile Application Server component in Oracle E-Business Suite 12.0.3 has unknown impact and remote authenticated attack vectors.

CVE-2008-2610 [MEDIUM] CVE-2008-2610: Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors.

CVE-2008-2585 [MEDIUM] CVE-2008-2585: Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 12.0.4 h Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors.

CVE-2008-2606 [MEDIUM] CVE-2008-2606: Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2586.

CVE-2008-2586 [MEDIUM] CVE-2008-2586: Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Su Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2606.

CVE-2008-2601 [MEDIUM] CVE-2008-2601: Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 has unkno Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.0.4 has unknown impact and remote authenticated attack vectors.

CVE-2008-1826 [CRITICAL] CVE-2008-1826: Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and at Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05.

CVE-2008-0348 [CRITICAL] CVE-2008-0348: Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise an Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04.

CVE-2008-0344 [CRITICAL] CVE-2008-0344: Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 h Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote attack vectors, aka DB07.

CVE-2008-0345 [CRITICAL] CVE-2008-0345: Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact Unspecified vulnerability in the Core RDBMS component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08.

CVE-2008-0349 [CRITICAL] CVE-2008-0349: Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edward Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.15 and 8.49.07 has unknown impact and remote attack vectors, aka PSE02.

CVE-2008-0346 [CRITICAL] CVE-2008-0346: Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 a Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.

CVE-2008-0340 [CRITICAL] CVE-2008-0340: Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote attack vectors, related to the (1) Advanced Queuing component (DB02) and (2) Oracle Spatial component (DB04).

CVE-2008-0347 [CRITICAL] CVE-2008-0347: Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges.

CVE-2008-0343 [CRITICAL] CVE-2008-0343: Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has unknown impact and remote attack vectors, aka DB06.

CVE-2007-5766 [HIGH] CVE-2007-5766: SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attacke SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure.

CVE-2007-5528 [CRITICAL] CVE-2007-5528: Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 have unknown impact and attac Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 have unknown impact and attack vectors related to (1) Public Sector Human Resources (APP03) and (2) Quoting component (APP06).