Vulnerability Details CVE-2007-2170
The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v2 Score 9.4
References
- http://osvdb.org/39958
- http://securityreason.com/securityalert/2611
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
- http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
- http://www.securityfocus.com/archive/1/466214/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-07-016.html
- http://osvdb.org/39958
- http://securityreason.com/securityalert/2611
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
- http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
- http://www.securityfocus.com/archive/1/466214/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-07-016.html
Products affected by CVE-2007-2170
-
cpe:2.3:a:oracle:e-business_suite:-
-
cpe:2.3:a:oracle:e-business_suite:10.2
-
cpe:2.3:a:oracle:e-business_suite:10.7
-
cpe:2.3:a:oracle:e-business_suite:11.0
-
cpe:2.3:a:oracle:e-business_suite:11.1
-
cpe:2.3:a:oracle:e-business_suite:11.2
-
cpe:2.3:a:oracle:e-business_suite:11.3
-
cpe:2.3:a:oracle:e-business_suite:11.4
-
cpe:2.3:a:oracle:e-business_suite:11.5
-
cpe:2.3:a:oracle:e-business_suite:11.5.1
-
cpe:2.3:a:oracle:e-business_suite:11.5.10
-
cpe:2.3:a:oracle:e-business_suite:11.5.10.1
-
cpe:2.3:a:oracle:e-business_suite:11.5.10.2
-
cpe:2.3:a:oracle:e-business_suite:11.5.2
-
cpe:2.3:a:oracle:e-business_suite:11.5.3
-
cpe:2.3:a:oracle:e-business_suite:11.5.4
-
cpe:2.3:a:oracle:e-business_suite:11.5.5
-
cpe:2.3:a:oracle:e-business_suite:11.5.6
-
cpe:2.3:a:oracle:e-business_suite:11.5.7
-
cpe:2.3:a:oracle:e-business_suite:11.5.8
-
cpe:2.3:a:oracle:e-business_suite:11.5.9
-
cpe:2.3:a:oracle:e-business_suite:11.6
-
cpe:2.3:a:oracle:e-business_suite:11.7
-
cpe:2.3:a:oracle:e-business_suite:11.8
-
cpe:2.3:a:oracle:e-business_suite:11i
-
cpe:2.3:a:oracle:e-business_suite:12
-
cpe:2.3:a:oracle:e-business_suite:12.0.0
-
cpe:2.3:a:oracle:e-business_suite:12.0.1
-
cpe:2.3:a:oracle:e-business_suite:12.0.2
-
cpe:2.3:a:oracle:e-business_suite:12.0.3
-
cpe:2.3:a:oracle:e-business_suite:12.0.4
-
cpe:2.3:a:oracle:e-business_suite:12.0.6
-
cpe:2.3:a:oracle:e-business_suite:12.1
-
cpe:2.3:a:oracle:e-business_suite:12.1.1
-
cpe:2.3:a:oracle:e-business_suite:12.1.2
-
cpe:2.3:a:oracle:e-business_suite:12.1.3
-
cpe:2.3:a:oracle:e-business_suite:12.2
-
cpe:2.3:a:oracle:e-business_suite:12.2.10
-
cpe:2.3:a:oracle:e-business_suite:12.2.11
-
cpe:2.3:a:oracle:e-business_suite:12.2.12
-
cpe:2.3:a:oracle:e-business_suite:12.2.13
-
cpe:2.3:a:oracle:e-business_suite:12.2.2
-
cpe:2.3:a:oracle:e-business_suite:12.2.3
-
cpe:2.3:a:oracle:e-business_suite:12.2.4
-
cpe:2.3:a:oracle:e-business_suite:12.2.5
-
cpe:2.3:a:oracle:e-business_suite:12.2.6
-
cpe:2.3:a:oracle:e-business_suite:12.2.7
-
cpe:2.3:a:oracle:e-business_suite:12.2.8
-
cpe:2.3:a:oracle:e-business_suite:12.2.9
-
cpe:2.3:a:oracle:e-business_suite:4.3
-
cpe:2.3:a:oracle:e-business_suite:6.2.3
-
cpe:2.3:a:oracle:e-business_suite:6.2.4