SecurityTracker.com

Category:   Application (Generic)  >   Oracle E-Business Suite
Vendors:   Oracle
Oracle E-Business Suite Multiple Flaws Let Remote Users Access and Modify Data and Cause Denial of Service Conditions on the Target System
SecurityTracker Alert ID:  1038926
SecurityTracker URL:  http://securitytracker.com/id/1038926
CVE Reference:   CVE-2017-10113, CVE-2017-10130, CVE-2017-10143, CVE-2017-10144, CVE-2017-10170, CVE-2017-10171, CVE-2017-10174, CVE-2017-10175, CVE-2017-10177, CVE-2017-10179, CVE-2017-10180, CVE-2017-10184, CVE-2017-10185, CVE-2017-10186, CVE-2017-10191, CVE-2017-10192, CVE-2017-10244, CVE-2017-10245, CVE-2017-10246, CVE-2017-3562
Date:  Jul 18 2017
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6
Description:   Multiple vulnerabilities were reported in Oracle E-Business Suite. A remote user can access data on the target system. A remote user can modify data on the target system. A remote user can cause denial of service conditions on the target system.

A remote user can exploit a flaw in the Oracle Application Object Library iHelp component to access and partially modify data [CVE-2017-10246].

A remote user can exploit a flaw in the Oracle CRM Technical Foundation CMRO component to access and partially modify data [CVE-2017-10180].

A remote user can exploit a flaw in the Oracle CRM Technical Foundation Preferences component to access and partially modify data [CVE-2017-10143].

A remote user can exploit a flaw in the Oracle CRM Technical Foundation User Management component to access and partially modify data [CVE-2017-10185].

A remote user can exploit a flaw in the Oracle Common Applications CRM User Management Framework component to access and partially modify data [CVE-2017-10113].

A remote user can exploit a flaw in the Oracle Field Service Wireless/WAP component to access and partially modify data [CVE-2017-10170].

A remote user can exploit a flaw in the Oracle Marketing Home Page component to access and partially modify data [CVE-2017-10171].

A remote user can exploit a flaw in the Oracle Web Analytics Common Libraries component to access and partially modify data [CVE-2017-10191].

A remote user can exploit a flaw in the Oracle iStore User Registration component to access and partially modify data [CVE-2017-10112].

A remote user can exploit a flaw in the Oracle iSupport Service Request component to access and partially modify data [CVE-2017-10174].

A remote authenticated user can exploit a flaw in the Oracle Application Object Library Flexfields component to access and modify data [CVE-2017-10177].

A remote authenticated user can exploit a flaw in the Oracle iStore User Management component to access and partially modify data [CVE-2017-10130].

A remote user can exploit a flaw in the Oracle Applications Manager Oracle Diagnostics Interfaces component to cause denial of service conditions [CVE-2017-10144].

A remote user can exploit a flaw in the Oracle General Ledger Account Hierarchy Manager component to access data [CVE-2017-10245].

A remote user can exploit a flaw in the Application Management Pack for Oracle E-Business Suite User Monitoring component to partially access and partially modify data [CVE-2017-10179].

A remote user can exploit a flaw in the Oracle Application Object Library Attachments component to partially access data [CVE-2017-10244].

A remote user can exploit a flaw in the Oracle Field Service Wireless/WAP component to partially access data [CVE-2017-10184].

A remote user can exploit a flaw in the Oracle iStore Shopping Cart component to partially access data [CVE-2017-10192].

A remote user can exploit a flaw in the Oracle iStore User and Company Profile component to partially access data [CVE-2017-10186].

A remote authenticated user can exploit a flaw in the Oracle iSupport Profiles component to partially access data [CVE-2017-10175].

A remote authenticated user can exploit a flaw in the Oracle Applications DBA AD Utilities component to access and modify data [CVE-2017-3562].

Matias Mevied of Onapsis, Emiliano J. Fausto of Onapsis, Federico Dobal of Onapsis, Sergio Abraham of Onapsis, Juan Pablo Perez Etchegoyen of Onapsis, and Sarath Nair reported some of these vulnerabilities.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix as part of the July 2017 Oracle Critical Patch Update.

The vendor advisory is available at:

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.



Copyright 2019, SecurityGlobal.net LLC