Lucene search

PRIOn knowledge basePRION:CVE-2008-5446

HistoryJan 14, 2009 - 2:30 a.m.

Design/Logic Flaw

2009-01-1402:30:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.5%

JSON

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the “About Us Page” in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.

CPENameOperatorVersion
e-business_suiteeq11.5 cu2
e-business_suite_12eq12.0.6

CPE	Name	Operator	Version
	e-business_suite	eq	11.5 cu2
	e-business_suite_12	eq	12.0.6

References

secniche.org/papers/orabs.pdf

secunia.com/advisories/33525

www.oracle.com/technetwork/topics/security/cpujan2009-097901.html

www.securityfocus.com/archive/1/500171/100/0/threaded

www.securityfocus.com/bid/33177

www.securitytracker.com/id?1021568

www.vupen.com/english/advisories/2009/0115