Vulnerabilities > CVE-2008-5446 - Multiple vulnerability in Oracle January 2009 Critical Patch Update

047910
CVSS 3.5 - LOW
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
oracle
NVD
Published: 2009-01-14
Updated: 2018-10-11

Summary

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.

Vulnerable Configurations

Part Description Count
Application
Oracle
2

Saint

  • bid33177
    descriptionOracle Secure Backup NDMP_CONECT_CLIENT_AUTH buffer overflow
    iddatabase_oracle_backupndmpbo,database_oracle_backupver
    osvdb51340
    titleoracle_secure_backup_ndmp_clientauth
    typeremote
  • bid33177
    descriptionOracle Secure Backup login.php ora_osb_lcookie command execution
    iddatabase_oracle_backupver
    osvdb51343
    titleoracle_secure_backup_login_lcookie
    typeremote
  • bid33177
    descriptionOracle WebLogic Server IIS Connector JSESSIONID buffer overflow
    titleweblogic_iis_connector_jsessionid
    typeremote
  • bid33177
    descriptionOracle Secure Backup login.php rbtool command injection
    iddatabase_oracle_backupver
    osvdb51342
    titleoracle_secure_backup_login_rbtool
    typeremote
  • bid33177
    descriptionOracle Database OLAP component ODCITABLESTART buffer overflow
    iddatabase_oracle_version
    osvdb51347
    titleoracle_olap_odcitablestart
    typeremote

References