Vulnerabilities > CVE-2011-0836 - Unspecified vulnerability in Oracle products

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

oracle

exploit available

NVD

Published: 2011-04-20

Updated: 2012-08-03

Summary

Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Enterpriseone Tools 8.9 Oracle JD Edwards Enterpriseone 8.9 Oracle JD Edwards Enterpriseone 8.9.18 Oracle JD Edwards Enterpriseone 8.98.1.4 Oracle JD Edwards Enterpriseone 8.98.2.1 Oracle JD Edwards Enterpriseone EP 8.9 Oracle Oneworld Tools * Oracle Peoplesoft AND Jdedwards Product Suite 8.9 Oracle Peoplesoft AND Jdedwards Product Suite 8.98.4.1 Oracle Peoplesoft AND Jdedwards Suite SCM 8.9	18

Exploit-Db

description	Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/E1Menu_Menu.mafService e1.namespace Parameter XSS. CVE-2011-0836. Remote exploits for multipl...
id	EDB-ID:35639
last seen	2016-02-04
modified	2011-04-19
published	2011-04-19
reporter	Juan Manuel Garcia
source	https://www.exploit-db.com/download/35639/
title	Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/E1Menu_Menu.mafService e1.namespace Parameter XSS

description	Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/E1Menu.maf jdeowpBackButtonProtect Parameter XSS. CVE-2011-0836. Remote exploits for multiple...
id	EDB-ID:35638
last seen	2016-02-04
modified	2011-04-19
published	2011-04-19
reporter	Juan Manuel Garcia
source	https://www.exploit-db.com/download/35638/
title	Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/E1Menu.maf jdeowpBackButtonProtect Parameter XSS

description	Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/E1Menu_OCL.mafService e1.namespace Parameter XSS. CVE-2011-0836. Remote exploits for multiple...
id	EDB-ID:35640
last seen	2016-02-04
modified	2011-04-19
published	2011-04-19
reporter	Juan Manuel Garcia
source	https://www.exploit-db.com/download/35640/
title	Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/E1Menu_OCL.mafService e1.namespace Parameter XSS

description	Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget Parameter XSS. CVE-2011-0836. Remote ...
id	EDB-ID:35642
last seen	2016-02-04
modified	2011-04-19
published	2011-04-19
reporter	Juan Manuel Garcia
source	https://www.exploit-db.com/download/35642/
title	Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/JASMafletMafBrowserClose.mafService jdemafjasLinkTarget Parameter XSS

description	Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/MafletClose.mafService RENDER_MAFLET Parameter XSS. CVE-2011-0836. Remote exploits for multip...
id	EDB-ID:35641
last seen	2016-02-04
modified	2011-04-19
published	2011-04-19
reporter	Juan Manuel Garcia
source	https://www.exploit-db.com/download/35641/
title	Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC /jde/MafletClose.mafService RENDER_MAFLET Parameter XSS

Packetstorm

data source	https://packetstormsecurity.com/files/download/100649/cybsecoraclejd-xss.txt
id	PACKETSTORM:100649
last seen	2016-12-05
published	2011-04-21
reporter	Juan Manuel Garcia
source	https://packetstormsecurity.com/files/100649/Oracle-JD-Edwards-EnterpriseOne-Cross-Site-Scripting.html
title	Oracle JD Edwards EnterpriseOne Cross Site Scripting

References

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html