CVE-2004-0543

Current Description

Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries.

Basic Data

PublishedAugust 06, 2004
Last ModifiedJuly 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOracleApplications11.0*******
    2.3ApplicationOracleE-business Suite11.5.1*******
    2.3ApplicationOracleE-business Suite11.5.2*******
    2.3ApplicationOracleE-business Suite11.5.3*******
    2.3ApplicationOracleE-business Suite11.5.4*******
    2.3ApplicationOracleE-business Suite11.5.5*******
    2.3ApplicationOracleE-business Suite11.5.6*******
    2.3ApplicationOracleE-business Suite11.5.7*******
    2.3ApplicationOracleE-business Suite11.5.8*******
    2.3ApplicationOracleE-business Suite11i*******

Vulnerable Software List

VendorProductVersions
Oracle E-business Suite 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11i
Oracle Applications 11.0

References

NameSourceURLTags
20040604 Integrigy Security Alert - Multiple SQL Injection Vulnerabilities in Oracle E-Business Suitehttp://archives.neohapsis.com/archives/vulnwatch/2004-q2/0032.htmlVULNWATCH
20040604 Integrigy Security Alert - Multiple SQL Injection Vulnerabilities in Oracle E-Business Suitehttp://marc.info/?l=bugtraq&m=108638417302229&w=2BUGTRAQ
http://otn.oracle.com/deploy/security/pdf/2004alert67.pdfhttp://otn.oracle.com/deploy/security/pdf/2004alert67.pdfCONFIRM
O-153http://www.ciac.org/ciac/bulletins/o-153.shtmlCIAC
http://www.integrigy.com/alerts/OraAppsSQLInjection.htmhttp://www.integrigy.com/alerts/OraAppsSQLInjection.htmMISC
VU#961579http://www.kb.cert.org/vuls/id/961579CERT-VNPATCH Third Party Advisory US Government Resource
10465http://www.securityfocus.com/bid/10465BIDPATCH Vendor Advisory
TA04-160Ahttp://www.us-cert.gov/cas/techalerts/TA04-160A.htmlCERTPATCH Third Party Advisory US Government Resource
oracle-ebusiness-sql-injection(16324)https://exchange.xforce.ibmcloud.com/vulnerabilities/16324XF