Oracle E-Business Suite Multiple Vulnerabilities
Release Date : 2013-04-17
Criticality level : Moderately critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status: Vendor Patch
Oracle E-Business Suite 11i
Oracle E-Business Suite 12.x
Multiple vulnerabilities have been reported in Oracle E-Business Suite, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).
1) An error within the Login sub-component of the Oracle iStore component can be exploited to update, insert, or delete Oracle iStore accessible data.
2) An error within the Diagnostics sub-component of the Oracle Application Object Library component can be exploited to gain read access to a subset of Oracle Application Object Library accessible data.
3) An error within the Attachments sub-component of the Oracle Application Object Library component can be exploited to update, insert or delete Oracle Application Object Library accessible data.
4) An error within the Payroll sub-component of the Oracle HRMS component can be exploited to update, insert or delete Oracle HRMS accessible data.
5) An error within the Mid Tier File Management sub-component of Oracle Applications Technology Stack can be exploited to cause a partial DoS.
6) An error within the HTML OAM client sub-component of the Oracle Applications Manager component can be exploited to update, insert or delete Oracle Applications Manager accessible data.
The vulnerabilities are reported in versions 188.8.131.52, 12.0.6, 12.1.1, 12.1.2, and 12.1.3.
Apply patches (please see the vendor's advisory for details).
Provided and/or discovered by:
It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for April 2013 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.