CVE-2007-3866

Current Description

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables.

Evaluator Description

As the impact type is unspecified, it has been set to a default value of "Obtain Other Access (e.g. application account)."

Basic Data

Published: July 18, 2007
Last Modified: October 15, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

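  • OR - Configuration 1

    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Oracle | E-business Suite | 11.5.10.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Oracle | E-business Suite | 12.0.1 | * | * | * | * | * | * | * | | | | |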

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Oracle | E-business Suite | 11.5.10.2, 12.0.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| SSRT061201 | HP | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143 | |
| 26114 | SECUNIA | http://secunia.com/advisories/26114 | Vendor Advisory |
| 26166 | SECUNIA | http://secunia.com/advisories/26166 | |
| http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf | MISC | http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf | |
| http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html | CONFIRM | http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html | |
| http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html | MISC | http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html | |
| 20070724 Oracle E-Business Suite - Multiple Vulnerabilities | BUGTRAQ | http://www.securityfocus.com/archive/1/474515/100/0/threaded | |
| 1018415 | SECTRACK | http://www.securitytracker.com/id?1018415 | |
| TA07-200A | CERT | http://www.us-cert.gov/cas/techalerts/TA07-200A.html | US Government Resource |
| ADV-2007-2562 | VUPEN | http://www.vupen.com/english/advisories/2007/2562 | |
| ADV-2007-2635 | VUPEN | http://www.vupen.com/english/advisories/2007/2635 | |
| oracle-cpu-july2007(35490) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/35490 | |