Oracle: >> E-Business Suite >> 11i Security Vulnerabilities
SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure.
CVSS Score
7.5
EPSS Score
0.004
Published
2007-11-08
The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.
CVSS Score
7.8
EPSS Score
0.006
Published
2007-04-24
The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.
CVSS Score
9.4
EPSS Score
0.019
Published
2007-04-24
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01.
CVSS Score
9.0
EPSS Score
0.021
Published
2007-04-18
Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries.
CVSS Score
10.0
EPSS Score
0.06
Published
2004-08-06
Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."
CVSS Score
10.0
EPSS Score
0.388
Published
2004-06-01
Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges.
CVSS Score
7.2
EPSS Score
0.005
Published
2001-08-14