Oracle Application Server Single Sign-On Unspecified Data

by Carol~ Moderator - 1/16/13 1:30 PM

In Reply to: VULNERABILITIES / FIXES - January 16, 2013 by Carol~ Moderator

Oracle Application Server Single Sign-On Unspecified Data Manipulation Vulnerability

Release Date : 2013-01-16

Criticality level : Less critical
Impact: Manipulation of data
Where : From local network
Solution Status : Vendor Patch

Software: Oracle Application Server 10g

Description:
A vulnerability has been reported in Oracle Application Server, which can be exploited by malicious people to manipulate certain data.

The vulnerability is caused due to an error within the Single Sign-On component and can be exploited to update, insert, or delete certain Oracle Application Server Single Sign-On accessible data.

The vulnerability is reported in all supported versions.

Solution:
Apply patches (please see the vendor's advisory for details).

Provided and/or discovered by:
It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for January 2013 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information.

Original Advisory:
Oracle:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html#AppendixFMW

http://secunia.com/advisories/51895/