Oracle E-Business Suite vulnerabilities
327 known vulnerabilities affecting oracle/e-business_suite.
Total CVEs
327
CISA KEV
1
actively exploited
Public exploits
5
Exploited in wild
1
Severity breakdown
CRITICAL54HIGH47MEDIUM184LOW42
Vulnerabilities
Page 17 of 17
CVE-2004-0385CRITICALCVSS 10.0v11i2004-06-01
CVE-2004-0385 [CRITICAL] CVE-2004-0385: Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0
Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, al
nvd
CVE-2003-1116MEDIUMCVSS 5.0v10.7v11.0+8 more2003-12-31
CVE-2003-1116 [MEDIUM] CVE-2003-1116: The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program,
The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener.
nvd
CVE-2003-0632HIGHCVSS 7.5v11.1v11.2+6 more2003-08-27
CVE-2003-0632 [HIGH] CVE-2003-0632: Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Or
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.
nvd
CVE-2003-0633MEDIUMCVSS 5.0v11.1v11.2+6 more2003-08-27
CVE-2003-0633 [MEDIUM] CVE-2003-0633: Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-B
Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key.
nvd
CVE-2002-1882HIGHCVSS 7.5v11.1v11.2+4 more2002-12-31
CVE-2002-1882 [HIGH] CVE-2002-1882: Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 a
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors.
nvd
CVE-2002-1666MEDIUMCVSS 5.0v11.1v11.2+4 more2002-12-31
CVE-2002-1666 [MEDIUM] CVE-2002-1666: Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to exec
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL.
nvd
CVE-2001-0528HIGHCVSS 7.2v11i2001-08-14
CVE-2001-0528 [HIGH] CVE-2001-0528: Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a deb
Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges.
nvd
← Previous17 / 17