CVE-2007-3867 - Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and a

CVE-2007-3867

Summary

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment. As the impact type is unspecified, it has been set to a default value of "Obtain Other Access (e.g. application account)."

References

Vulnerable Configurations

cpe:2.3:a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 15-10-2018 - 21:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20070724 Oracle E-Business Suite - Multiple Vulnerabilities
cert	TA07-200A
confirm	http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html
hp	HPSBMA02133 SSRT061201
misc	http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html
sectrack	1018415
secunia	26114 26166
vupen	ADV-2007-2562 ADV-2007-2635
xf	oracle-cpu-july2007(35490)

Last major update

15-10-2018 - 21:31

Published

18-07-2007 - 19:30

Last modified

15-10-2018 - 21:31