Oracle Industry Applications Multiple Flaws Let Remote Users Partially Modify Data
SecurityTracker Alert ID: 1023872
SecurityTracker URL: http://securitytracker.com/id/1023872
CVE Reference:
CVE-2010-0862, CVE-2010-0863, CVE-2010-0864, CVE-2010-0874, CVE-2010-0875, CVE-2010-0876
Date: Apr 14 2010
Impact:
Modification of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): Various
Description:
Several vulnerabilities were reported in Oracle Industry Applications. A remote user can partially modify data on the target application.
The affected components are: Communications - Oracle Communications Unified Inventory Management [CVE-2010-0874]; Life Sciences - Oracle Clinical Remote Data Capture Option [CVE-2010-0876]; Life Sciences - Oracle Thesaurus Management System [CVE-2010-0875]; Retail - Oracle Retail Markdown Optimization [CVE-2010-0862]; and Retail - Oracle Retail Place In-Season [CVE-2010-0864, CVE-2010-0863].
The following researchers reported these and other Oracle vulnerabilities:
Okan Basegmez of DORASEC Consulting; Esteban Martinez Fayo of Application Security, Inc.; Joxean Koret; Alexander Kornbrust of Red Database Security; David Litchfield formerly of NGS Software; Oleg P. of HSC Security Portal; and Alexandr Polyakov of Digital Security.
Impact:
A remote user can partially modify data on the target application.
Solution:
The vendor has issued a fix, described in their April 2010 Critical Patch Update advisory.
The Oracle advisory is available at:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
Vendor URL: www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
Cause:
Not specified
Underlying OS:
Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000), Windows (2003), Windows (Vista)
Message History:
None.