Oracle E-Business Suite vulnerabilities

CVE-2007-5529 [HIGH] CVE-2007-5529: Unspecified vulnerability in the Oracle Self-Service Web Applications component in client-only insta Unspecified vulnerability in the Oracle Self-Service Web Applications component in client-only installations of Oracle E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka APP08.

CVE-2007-5527 [HIGH] CVE-2007-5527: Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and re Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and remote attack vectors, related to (1) Application Object Library component (APP01), (2) Contracts Integration (APP02), (3) Applications Manager (APP04), (4) Marketing component (APP05), and (5) Exchange component (APP07).

CVE-2007-3867 [HIGH] CVE-2007-3867: Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and a Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment.

CVE-2007-3865 [HIGH] CVE-2007-3865: Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 1 Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 12.0.1 has unknown impact and remote attack vectors, aka APPS01.

CVE-2007-3866 [HIGH] CVE-2007-3866: Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote a Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables.

CVE-2007-3854 [MEDIUM] CVE-2007-3854: Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is

CVE-2007-2128 [CRITICAL] CVE-2007-2128: Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unkn Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08.

CVE-2007-2127 [CRITICAL] CVE-2007-2127: Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remot Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), (6) Applications Manager (APPS10), and (7) Oracle Report Manager (APPS03).

CVE-2007-2126 [CRITICAL] CVE-2007-2126: Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02).

CVE-2007-0279 [HIGH] CVE-2007-0279: Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and A Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.

CVE-2007-0285 [MEDIUM] CVE-2007-0285: Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaborat Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 9.0.4.2 and 10.1.2; and E-Business Suite and Applications 11.5.10CU2 has unknown impact and attack vectors related to Oracle Reports Developer, aka REP01.

CVE-2007-0291 [MEDIUM] CVE-2007-0291: Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and a Unspecified vulnerability in Oracle E-Business Suite and Applications 6.2.3 has unknown impact and attack vectors related to Oracle Exchange, aka APPS02.

CVE-2007-0290 [MEDIUM] CVE-2007-0290: Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unk Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors related to (1) Application Object Library (APPS01), (2) Human Resources (APPS03), (3) Payables (APPS04), (4) Trading Community Architecture (APPS05), and (5) Web Applications Desktop Integrator (APPS06).

CVE-2007-0275 [LOW] CWE-79 CVE-2007-0275: Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow C Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to i

CVE-2006-5348 [CRITICAL] CVE-2006-5348: Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Ora Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05.

CVE-2006-5355 [CRITICAL] CVE-2006-5355: Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 1 Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# SSO01.

CVE-2006-5372 [CRITICAL] CVE-2006-5372: Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10 up to 11.5.10CU2 have unknow Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS11 for Oracle Universal Work Queue and (2) APPS12 for Oracle Application Object Library.

CVE-2006-5354 [CRITICAL] CVE-2006-5354: Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10 Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, racle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06.

CVE-2006-5368 [CRITICAL] CVE-2006-5368: Unspecified vulnerability in Oracle Exchange component in Oracle E-Business Suite 6.2.4 has unknown Unspecified vulnerability in Oracle Exchange component in Oracle E-Business Suite 6.2.4 has unknown impact and remote attack vectors, aka Vuln# APPS01.

CVE-2006-5369 [CRITICAL] CVE-2006-5369: Unspecified vulnerability in Oracle Application Object Library in Oracle E-Business Suite 11.5.10CU2 Unspecified vulnerability in Oracle Application Object Library in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS02.