Vulnerability Details CVE-2007-2135
The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.7%
CVSS Severity
CVSS v2 Score 7.8
References
- http://osvdb.org/39959
- http://securityreason.com/securityalert/2612
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
- http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
- http://www.securityfocus.com/archive/1/466215/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-07-017.html
- http://osvdb.org/39959
- http://securityreason.com/securityalert/2612
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
- http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
- http://www.securityfocus.com/archive/1/466215/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-07-017.html
Products affected by CVE-2007-2135
-
cpe:2.3:a:oracle:e-business_suite:-
-
cpe:2.3:a:oracle:e-business_suite:10.2
-
cpe:2.3:a:oracle:e-business_suite:10.7
-
cpe:2.3:a:oracle:e-business_suite:11.0
-
cpe:2.3:a:oracle:e-business_suite:11.1
-
cpe:2.3:a:oracle:e-business_suite:11.2
-
cpe:2.3:a:oracle:e-business_suite:11.3
-
cpe:2.3:a:oracle:e-business_suite:11.4
-
cpe:2.3:a:oracle:e-business_suite:11.5
-
cpe:2.3:a:oracle:e-business_suite:11.5.1
-
cpe:2.3:a:oracle:e-business_suite:11.5.10
-
cpe:2.3:a:oracle:e-business_suite:11.5.10.1
-
cpe:2.3:a:oracle:e-business_suite:11.5.10.2
-
cpe:2.3:a:oracle:e-business_suite:11.5.2
-
cpe:2.3:a:oracle:e-business_suite:11.5.3
-
cpe:2.3:a:oracle:e-business_suite:11.5.4
-
cpe:2.3:a:oracle:e-business_suite:11.5.5
-
cpe:2.3:a:oracle:e-business_suite:11.5.6
-
cpe:2.3:a:oracle:e-business_suite:11.5.7
-
cpe:2.3:a:oracle:e-business_suite:11.5.8
-
cpe:2.3:a:oracle:e-business_suite:11.5.9
-
cpe:2.3:a:oracle:e-business_suite:11.6
-
cpe:2.3:a:oracle:e-business_suite:11.7
-
cpe:2.3:a:oracle:e-business_suite:11.8
-
cpe:2.3:a:oracle:e-business_suite:11i
-
cpe:2.3:a:oracle:e-business_suite:12
-
cpe:2.3:a:oracle:e-business_suite:12.0.0
-
cpe:2.3:a:oracle:e-business_suite:12.0.1
-
cpe:2.3:a:oracle:e-business_suite:12.0.2
-
cpe:2.3:a:oracle:e-business_suite:12.0.3
-
cpe:2.3:a:oracle:e-business_suite:12.0.4
-
cpe:2.3:a:oracle:e-business_suite:12.0.6
-
cpe:2.3:a:oracle:e-business_suite:12.1
-
cpe:2.3:a:oracle:e-business_suite:12.1.1
-
cpe:2.3:a:oracle:e-business_suite:12.1.2
-
cpe:2.3:a:oracle:e-business_suite:12.1.3
-
cpe:2.3:a:oracle:e-business_suite:12.2
-
cpe:2.3:a:oracle:e-business_suite:12.2.10
-
cpe:2.3:a:oracle:e-business_suite:12.2.11
-
cpe:2.3:a:oracle:e-business_suite:12.2.12
-
cpe:2.3:a:oracle:e-business_suite:12.2.13
-
cpe:2.3:a:oracle:e-business_suite:12.2.2
-
cpe:2.3:a:oracle:e-business_suite:12.2.3
-
cpe:2.3:a:oracle:e-business_suite:12.2.4
-
cpe:2.3:a:oracle:e-business_suite:12.2.5
-
cpe:2.3:a:oracle:e-business_suite:12.2.6
-
cpe:2.3:a:oracle:e-business_suite:12.2.7
-
cpe:2.3:a:oracle:e-business_suite:12.2.8
-
cpe:2.3:a:oracle:e-business_suite:12.2.9
-
cpe:2.3:a:oracle:e-business_suite:4.3
-
cpe:2.3:a:oracle:e-business_suite:6.2.3
-
cpe:2.3:a:oracle:e-business_suite:6.2.4