CVE-2008-5446
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.
Una vulnerabilidad no especificada en el componente Oracle Applications Framework de Oracle E-Business Suite versiones 11.5.10 CU2 y 12.0.6, permite a los usuarios autenticados remotos afectar la confidencialidad por medio de vectores desconocidos. NOTA: la información anterior fue obtenida de la CPU de enero de 2009. Oracle no ha comentado sobre las afirmaciones de investigadores confiables de que este problema está relacionado con el acceso ilimitado de los invitados a la "About Us Page" en el Oracle Applications Framework (OAF), que permite a los atacantes obtener información confidencial sobre el sistema y el entorno de las aplicaciones.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-12-11 CVE Reserved
- 2009-01-14 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://secniche.org/papers/orabs.pdf | X_refsource_misc | |
| http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/500171/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1021568 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/33177 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/33525 | 2018-10-11 | |
| http://www.vupen.com/english/advisories/2009/0115 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | E-business Suite Search vendor "Oracle" for product "E-business Suite" | 11.5 Search vendor "Oracle" for product "E-business Suite" and version "11.5" | cu2 |
Affected
| ||||||
| Oracle Search vendor "Oracle" | E-business Suite 12 Search vendor "Oracle" for product "E-business Suite 12" | 12.0.6 Search vendor "Oracle" for product "E-business Suite 12" and version "12.0.6" | - |
Affected
| ||||||