ID CVE-2007-3866
Type cve
Reporter cve@mitre.org
Modified 2018-10-15T21:31:00
Description
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables.
As the impact type is unspecified, it has been set to a default value of "Obtain Other Access (e.g. application account)."
{"id": "CVE-2007-3866", "bulletinFamily": "NVD", "title": "CVE-2007-3866", "description": "Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables.\nAs the impact type is unspecified, it has been set to a default value of \"Obtain Other Access (e.g. application account).\"", "published": "2007-07-18T19:30:00", "modified": "2018-10-15T21:31:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3866", "reporter": "cve@mitre.org", "references": ["http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf", "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html", "http://www.vupen.com/english/advisories/2007/2562", "http://www.securityfocus.com/archive/1/474515/100/0/threaded", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143", "http://www.securitytracker.com/id?1018415", "http://secunia.com/advisories/26166", "http://www.vupen.com/english/advisories/2007/2635", "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html", "http://secunia.com/advisories/26114", "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490", "http://www.us-cert.gov/cas/techalerts/TA07-200A.html"], "cvelist": ["CVE-2007-3866"], "type": "cve", "lastseen": "2021-02-02T05:31:25", "edition": 4, "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:40011", "OSVDB:40009", "OSVDB:39999", "OSVDB:40010", "OSVDB:40006", "OSVDB:40000"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:17584", "SECURITYVULNS:VULN:7942"]}], "modified": "2021-02-02T05:31:25", "rev": 2}, "score": {"value": 8.0, 
"vector": "NONE", "modified": "2021-02-02T05:31:25", "rev": 2}, "vulnersScore": 8.0}, "cpe": ["cpe:/a:oracle:e-business_suite:12.0.1", "cpe:/a:oracle:e-business_suite:11.5.10.2"], "affectedSoftware": [{"cpeName": "oracle:e-business_suite", "name": "oracle e-business suite", "operator": "eq", "version": "12.0.1"}, {"cpeName": "oracle:e-business_suite", "name": "oracle e-business suite", "operator": "eq", "version": "11.5.10.2"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:oracle:e-business_suite:12.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:e-business_suite:12.0.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "26114", "refsource": "SECUNIA", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26114"}, {"name": "20070724 Oracle E-Business Suite - Multiple Vulnerabilities", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/474515/100/0/threaded"}, {"name": "SSRT061201", "refsource": "HP", "tags": [], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"}, {"name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf", "refsource": "MISC", "tags": [], 
"url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf"}, {"name": "ADV-2007-2635", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2007/2635"}, {"name": "26166", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/26166"}, {"name": "1018415", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id?1018415"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html"}, {"name": "oracle-cpu-july2007(35490)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490"}, {"name": "TA07-200A", "refsource": "CERT", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-200A.html"}, {"name": "ADV-2007-2562", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2007/2562"}, {"name": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html", "refsource": "MISC", "tags": [], "url": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html"}]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3866"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 40010](https://vulners.com/osvdb/OSVDB:40010)\n[Related OSVDB ID: 1020259](https://vulners.com/osvdb/OSVDB:1020259)\n[Related OSVDB ID: 1020263](https://vulners.com/osvdb/OSVDB:1020263)\n[Related OSVDB ID: 1020264](https://vulners.com/osvdb/OSVDB:1020264)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 1020253](https://vulners.com/osvdb/OSVDB:1020253)\n[Related OSVDB ID: 1020258](https://vulners.com/osvdb/OSVDB:1020258)\n[Related OSVDB ID: 1020261](https://vulners.com/osvdb/OSVDB:1020261)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 1020254](https://vulners.com/osvdb/OSVDB:1020254)\n[Related OSVDB ID: 1020260](https://vulners.com/osvdb/OSVDB:1020260)\n[Related OSVDB ID: 1020262](https://vulners.com/osvdb/OSVDB:1020262)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: 
HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3866](https://vulners.com/cve/CVE-2007-3866)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40009", "id": "OSVDB:40009", "title": "Oracle E-Business Suite Payables Payable User Unspecified Remote Information Disclosure (APPS12)", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3866"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 1020256](https://vulners.com/osvdb/OSVDB:1020256)\n[Related OSVDB ID: 1020259](https://vulners.com/osvdb/OSVDB:1020259)\n[Related OSVDB ID: 1020263](https://vulners.com/osvdb/OSVDB:1020263)\n[Related OSVDB ID: 1020264](https://vulners.com/osvdb/OSVDB:1020264)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 1020253](https://vulners.com/osvdb/OSVDB:1020253)\n[Related OSVDB ID: 1020258](https://vulners.com/osvdb/OSVDB:1020258)\n[Related OSVDB ID: 1020261](https://vulners.com/osvdb/OSVDB:1020261)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 1020254](https://vulners.com/osvdb/OSVDB:1020254)\n[Related 
OSVDB ID: 1020260](https://vulners.com/osvdb/OSVDB:1020260)\n[Related OSVDB ID: 1020262](https://vulners.com/osvdb/OSVDB:1020262)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3866](https://vulners.com/cve/CVE-2007-3866)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40010", "id": "OSVDB:40010", "title": "Oracle E-Business Suite Payables Payable User Unspecified Remote Information Disclosure (APPS13)", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3866"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 1020255](https://vulners.com/osvdb/OSVDB:1020255)\n[Related OSVDB ID: 1020256](https://vulners.com/osvdb/OSVDB:1020256)\n[Related OSVDB ID: 1020259](https://vulners.com/osvdb/OSVDB:1020259)\n[Related OSVDB ID: 1020263](https://vulners.com/osvdb/OSVDB:1020263)\n[Related OSVDB ID: 1020264](https://vulners.com/osvdb/OSVDB:1020264)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 
1020253](https://vulners.com/osvdb/OSVDB:1020253)\n[Related OSVDB ID: 1020258](https://vulners.com/osvdb/OSVDB:1020258)\n[Related OSVDB ID: 1020261](https://vulners.com/osvdb/OSVDB:1020261)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 1020254](https://vulners.com/osvdb/OSVDB:1020254)\n[Related OSVDB ID: 1020260](https://vulners.com/osvdb/OSVDB:1020260)\n[Related OSVDB ID: 1020262](https://vulners.com/osvdb/OSVDB:1020262)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3866](https://vulners.com/cve/CVE-2007-3866)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40011", "id": "OSVDB:40011", "title": "Oracle E-Business Suite Payables Payable User Unspecified Remote Information Disclosure (APPS14)", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3866"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 
40010](https://vulners.com/osvdb/OSVDB:40010)\n[Related OSVDB ID: 40009](https://vulners.com/osvdb/OSVDB:40009)\n[Related OSVDB ID: 40003](https://vulners.com/osvdb/OSVDB:40003)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 40001](https://vulners.com/osvdb/OSVDB:40001)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40004](https://vulners.com/osvdb/OSVDB:40004)\n[Related OSVDB ID: 40008](https://vulners.com/osvdb/OSVDB:40008)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 40006](https://vulners.com/osvdb/OSVDB:40006)\n[Related OSVDB ID: 40002](https://vulners.com/osvdb/OSVDB:40002)\n[Related OSVDB ID: 40000](https://vulners.com/osvdb/OSVDB:40000)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 40005](https://vulners.com/osvdb/OSVDB:40005)\n[Related OSVDB ID: 40007](https://vulners.com/osvdb/OSVDB:40007)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3866](https://vulners.com/cve/CVE-2007-3866)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:39999", "id": "OSVDB:39999", "title": "Oracle E-Business Suite Configurator HTTP Unspecified Remote Issue", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3866"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory 
URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 40010](https://vulners.com/osvdb/OSVDB:40010)\n[Related OSVDB ID: 40009](https://vulners.com/osvdb/OSVDB:40009)\n[Related OSVDB ID: 40003](https://vulners.com/osvdb/OSVDB:40003)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 40001](https://vulners.com/osvdb/OSVDB:40001)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40004](https://vulners.com/osvdb/OSVDB:40004)\n[Related OSVDB ID: 40008](https://vulners.com/osvdb/OSVDB:40008)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 40006](https://vulners.com/osvdb/OSVDB:40006)\n[Related OSVDB ID: 40002](https://vulners.com/osvdb/OSVDB:40002)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 40005](https://vulners.com/osvdb/OSVDB:40005)\n[Related OSVDB ID: 40007](https://vulners.com/osvdb/OSVDB:40007)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3866](https://vulners.com/cve/CVE-2007-3866)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40000", "id": "OSVDB:40000", "title": "Oracle 
E-Business Suite iExpenses HTTP Unspecified Remote Issue", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3866"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 40010](https://vulners.com/osvdb/OSVDB:40010)\n[Related OSVDB ID: 40009](https://vulners.com/osvdb/OSVDB:40009)\n[Related OSVDB ID: 1020259](https://vulners.com/osvdb/OSVDB:1020259)\n[Related OSVDB ID: 1020263](https://vulners.com/osvdb/OSVDB:1020263)\n[Related OSVDB ID: 1020264](https://vulners.com/osvdb/OSVDB:1020264)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 1020253](https://vulners.com/osvdb/OSVDB:1020253)\n[Related OSVDB ID: 1020261](https://vulners.com/osvdb/OSVDB:1020261)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40008](https://vulners.com/osvdb/OSVDB:40008)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 40007](https://vulners.com/osvdb/OSVDB:40007)\n[Related OSVDB ID: 1020262](https://vulners.com/osvdb/OSVDB:1020262)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: 
http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3866](https://vulners.com/cve/CVE-2007-3866)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40006", "id": "OSVDB:40006", "title": "Oracle E-Business Suite Application Object Library Unspecified Remote Information Disclosure", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:22", "bulletinFamily": "software", "cvelist": ["CVE-2007-3866", "CVE-2007-3867", "CVE-2007-3865"], "description": "Multiple security vulnerabilities have been corrected in the Oracle Business\r\nSuite 11i and R12 as part of July 2007 Oracle Critical Patch Update (CPU).\r\nAll Internet accessible environments should prioritize patch 6045931\r\n(APPS04/05/06) in order to correct multiple vulnerabilities in the On-line\r\nhelp or temporarily disable the help functionality using the Oracle supplied\r\n\"URL Firewall\".\r\n\r\nAPPS01 / CVE-2007-3865\r\nCustomer Intelligence (BIC) (R12 only)\r\nSQL Injection\r\n\r\nAPPS02 / CVE-2007-3866\r\nConfigurator (CZ)\r\nCross Site Scripting\r\n\r\nAPPS03 / CVE-2007-3866\r\nInternet Expenses (AP)\r\nCross Site Scripting\r\n\r\nAPPS04 / CVE-2007-3867\r\nAPPS05 / CVE-2007-3867\r\nAPPS06 / CVE-2007-3867\r\nOn-line Help (FND)\r\nSQL Injection, Cross Site Scripting (multiple), Information Disclosure\r\n\r\nAPPS07 / CVE-2007-3867\r\nCustomer Intelligence (BIC)\r\nSQL Injection\r\n\r\nAPPS08 / CVE-2007-3867\r\niPayment (IBY)\r\nInformation Disclosure\r\n\r\nAPPS09 / CVE-2007-3866\r\nApplication Object Library (FND)\r\nSQL Injection\r\n\r\nAPPS10 / CVE-2007-3867\r\nHuman Resources (PER)\r\nSQL Injection\r\n\r\nSee the Oracle Critical Patch Update July 2007 Advisory for exact versions\r\nand 
CVSS base metric scores.\r\n\r\nFix: Apply the patches as directed in Oracle Metalink Note ID 432882.1.\r\n\r\nCredit: These vulnerabilities were discovered by Stephen Kost and Jack\r\nKanter of Integrigy Corporation\r\n\r\nFor more details on the impact of the July 2007 CPU on Oracle E-Business\r\nSuite implementations, see Integrigy's analysis of the CPU at -\r\n\r\nhttp://www.integrigy.com/oracle-cpu-july-2007\r\n\r\nIntegrigy has included checks for these vulnerabilities in AppSentry, a\r\nvulnerability scanner for Oracle Applications, and AppDefend, an application\r\nintrusion prevention system for Oracle Applications.\r\n\r\nFor more information or questions regarding these vulnerabilities or\r\nremediation steps, please contact us at alerts@integrigy.com.\r\n", "edition": 1, "modified": "2007-07-24T00:00:00", "published": "2007-07-24T00:00:00", "id": "SECURITYVULNS:DOC:17584", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17584", "title": "Oracle E-Business Suite - Multiple Vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "cvelist": ["CVE-2007-3866", "CVE-2007-3867", "CVE-2007-0270", "CVE-2007-3865", "CVE-2007-3855", "CVE-2007-0272"], "description": "DBMS_DRS.GET_PROPERTY and MDSYS.MD buffer overflow, crossite scripting, privilege escalation with views.", "edition": 1, "modified": "2007-07-24T00:00:00", "published": "2007-07-24T00:00:00", "id": "SECURITYVULNS:VULN:7942", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7942", "title": "Oracle multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:COMPLETE/A:COMPLETE/"}}]}