SecurityTracker.com
Category:   Application (Generic)  >   Oracle Fusion Middleware
Vendors:   Oracle
Oracle Fusion Middleware Bugs Let Remote Users Gain Elevated Privileges and Partially Access and Modify Data and Let Local and Remote Users Partially Deny Service
SecurityTracker Alert ID:  1031568
SecurityTracker URL:  http://securitytracker.com/id/1031568
CVE Reference:   CVE-2011-3389, CVE-2013-1741, CVE-2013-4286, CVE-2014-0114, CVE-2014-0224, CVE-2014-6526, CVE-2014-6548, CVE-2014-6576, CVE-2014-6580, CVE-2014-6592, CVE-2015-0362, CVE-2015-0367, CVE-2015-0372, CVE-2015-0376, CVE-2015-0389, CVE-2015-0399, CVE-2015-0401, CVE-2015-0414, CVE-2015-0420, CVE-2015-0434
Date:  Jan 20 2015
Impact:   Denial of service via local system, Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Oracle Fusion Middleware. A remote user can gain elevated privileges on the target system. A remote or local user can cause partial denial of service conditions. A remote user can partially access and modify data on the target system.

A remote user can exploit a flaw in the Oracle Exalogic Infrastructure component to gain elevated privileges [CVE-2014-0224].

A remote user can exploit a flaw in the Oracle Directory Server Enterprise Edition component to partially access data, partially modify data, and partially deny service [CVE-2013-1741].

A remote user can exploit a flaw in the Oracle Real-Time Decision Server component to partially access data, partially modify data, and partially deny service [CVE-2014-0114].

A remote user can exploit a flaw in the Oracle Waveset component to partially access data, partially modify data, and partially deny service [CVE-2014-0114].

A remote user can exploit a flaw in the BI Publisher (formerly XML Publisher) component to partially access and partially modify data [CVE-2013-4286].

A remote authenticated user can exploit a flaw in the Oracle Adaptive Access Manager component to partially access and partially modify data [CVE-2014-6576].

A remote user can exploit a flaw in the BI Publisher (formerly XML Publisher) component to partially access data [CVE-2015-0362].

A remote user can exploit a flaw in the Oracle Access Manager component to partially modify data [CVE-2015-0367].

A remote user can exploit a flaw in the Oracle Containers for J2EE component to partially access data [CVE-2015-0372].

A local user can exploit a flaw in the Oracle SOA Suite component to partially access data, partially modify data, and partially deny service [CVE-2014-6548].

A remote user can exploit a flaw in the Oracle Access Manager component to partially access data [CVE-2015-0434].

A remote user can exploit a flaw in the Oracle Directory Server Enterprise Edition component to partially modify data [CVE-2014-6526].

A remote user can exploit a flaw in the Oracle Forms component to partially access data [CVE-2015-0420].

A remote user can exploit a flaw in the Oracle Reports Developer component to partially modify data [CVE-2014-6580].

A remote user can exploit a flaw in the Oracle Security Service component to partially access data [CVE-2011-3389].

A remote user can exploit a flaw in the Oracle WebCenter Content component to partially modify data [CVE-2015-0376].

A remote authenticated user can exploit a flaw in the Oracle Business Intelligence Enterprise Edition component to partially access data [CVE-2015-0399].

A remote authenticated user can exploit a flaw in the Oracle Directory Server Enterprise Edition component to partially modify data [CVE-2015-0401].

A remote authenticated user can exploit a flaw in the Oracle OpenSSO component to partially modify data [CVE-2015-0389].

A remote authenticated user can exploit a flaw in the Oracle OpenSSO component to partially modify data [CVE-2014-6592].

A remote authenticated user can exploit a flaw in the Oracle SOA Suite component to partially access data [CVE-2015-0414].

The following researchers reported these and other Oracle vulnerabilities:

Abdullah Erdem; Adam Willard of Foreground Security; Amir Sohail; Arjun V; Avik Sarkar; Ayoub Nait Lamine; Ben Khlifa Fahmi; Cameron Crowley; Christian Galeone; Gaurav Mishra; Gopal Bisht; Gurjant Singh Sadhra; Karthik E C; Koutrouss Naddara; M.Asim Shahzad; Mohammed Osman; Monendra Sahu; Mousab Elhag; Muhammad Sarmad Shafiq; Rakesh Singh of Zero Day Guys; Sandeep Venkatesan; Sky_BlaCk; Sreehari; Srikanth Y; and Yann CAM.

Impact:   A remote user can gain elevated privileges on the target system.

A remote or local user can cause partial denial of service conditions.

A remote user can partially access and modify data on the target system.

Solution:   The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - January 2015.

The vendor's advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


Copyright 2022, SecurityGlobal.net LLC