SecurityTracker.com
Category:   Application (Generic)  >   Oracle E-Business Suite
Vendors:   Oracle
Oracle E-Business Suite Multiple Flaws Let Remote Users Access and Modify Data on the Target System
SecurityTracker Alert ID:  1039592
SecurityTracker URL:  http://securitytracker.com/id/1039592
CVE Reference:   CVE-2017-10066, CVE-2017-10077, CVE-2017-10303, CVE-2017-10322, CVE-2017-10323, CVE-2017-10324, CVE-2017-10325, CVE-2017-10326, CVE-2017-10328, CVE-2017-10329, CVE-2017-10330, CVE-2017-10331, CVE-2017-10332, CVE-2017-10387, CVE-2017-10409, CVE-2017-10410, CVE-2017-10411, CVE-2017-10412, CVE-2017-10413, CVE-2017-10414, CVE-2017-10415, CVE-2017-10416, CVE-2017-10417, CVE-2017-3444, CVE-2017-3445, CVE-2017-3446
Date:  Oct 17 2017
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Multiple vulnerabilities were reported in Oracle E-Business Suite. A remote user can access data on the target system. A remote user can modify data on the target system.

A remote user can exploit a flaw in the Oracle Common Applications Gantt Server component to access and modify data [CVE-2017-10330].

A remote user can exploit a flaw in the Oracle Global Order Promising Reschedule Sales Orders component to access and modify data [CVE-2017-10329].

A remote user can exploit a flaw in the Oracle Advanced Outbound Telephony Setup and Configuration component to access and partially modify data [CVE-2017-10416, CVE-2017-10417].

A remote user can exploit a flaw in the Oracle Common Applications Calendar Applications Calendar component to access and partially modify data [CVE-2017-10325, CVE-2017-10326].

A remote user can exploit a flaw in the Oracle Interaction Center Intelligence Setup component to access and partially modify data [CVE-2017-10303].

A remote user can exploit a flaw in the Oracle iStore Checkout and Order Placement component to access and partially modify data [CVE-2017-10414].

A remote user can exploit a flaw in the Oracle iStore Merchant UI component to access and partially modify data [CVE-2017-10409].

A remote user can exploit a flaw in the Oracle iSupport Others component to access and partially modify data [CVE-2017-10415].

A remote user can exploit a flaw in the Oracle Knowledge Management Search component to access and partially modify data [CVE-2017-10410].

A remote user can exploit a flaw in the Oracle Knowledge Management User Interface component to access and partially modify data [CVE-2017-10411, CVE-2017-10412].

A remote user can exploit a flaw in the Oracle Mobile Field Service Multiplatform Based on HTML5 component to access and partially modify data [CVE-2017-10413].

A remote user can exploit a flaw in the Oracle Trade Management User Interface component to access and partially modify data [CVE-2017-3444, CVE-2017-3445, CVE-2017-3446].

A remote user can exploit a flaw in the Oracle Web Applications Desktop Integrator Application Service component to access and partially modify data [CVE-2017-10323].

A remote user can exploit a flaw in the Oracle Application Object Library Diagnostics component to access data [CVE-2017-10328].

A remote user can exploit a flaw in the Oracle Universal Work Queue Administration component to access data [CVE-2017-10332].

A remote authenticated user can exploit a flaw in the Oracle Applications DBA AD Utilities component to access and modify data [CVE-2017-10077].

A remote user can exploit a flaw in the Oracle Application Object Library Diagnostics component to partially access data [CVE-2017-10331].

A remote user can exploit a flaw in the Oracle Applications Technology Stack Oracle Forms component to partially access data [CVE-2017-10324, CVE-2017-10066].

A remote user can exploit a flaw in the Oracle Common Applications Calendar Applications Calendar component to partially modify data [CVE-2017-10322].

A remote user can exploit a flaw in the Oracle CRM Technical Foundation Preferences component to partially modify data [CVE-2017-10387].

Gaston Traberg of Onapsis, Juan Pablo Perez Etchegoyen of Onapsis, Martin Doyhenard of Onapsis, Matias Mevied of Onapsis, and Vahagn Vardanyan of ERPScan reported these vulnerabilities.

Impact:   A remote user can obtain data on the target system.

A remote user can modify data on the target system.

Solution:   Oracle has issued a fix as part of the October 2017 Oracle Critical Patch Update.

The vendor advisory is available at:

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Vendor URL:  www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2008), Windows (2012), Windows (2016), Windows (XP)

Message History:   None.

