CVE

Id
35563  
CVE No.
CVE-2008-5446  
Status
Candidate  
Description
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.  
Phase
Assigned (20081211)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
390846 35563 CVE-2008-5446 BUGTRAQ:20090118 Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability  View
390847 35563 CVE-2008-5446 URL:http://www.securityfocus.com/archive/1/archive/1/500171/100/0/threaded  View
390848 35563 CVE-2008-5446 MISC:http://secniche.org/papers/orabs.pdf  View
390849 35563 CVE-2008-5446 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html  View
390850 35563 CVE-2008-5446 BID:33177  View
390851 35563 CVE-2008-5446 URL:http://www.securityfocus.com/bid/33177  View
390852 35563 CVE-2008-5446 VUPEN:ADV-2009-0115  View
390853 35563 CVE-2008-5446 URL:http://www.vupen.com/english/advisories/2009/0115  View
390854 35563 CVE-2008-5446 SECTRACK:1021568  View
390855 35563 CVE-2008-5446 URL:http://www.securitytracker.com/id?1021568  View
390856 35563 CVE-2008-5446 SECUNIA:33525  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
40650 JVNDB-2009-001656 Oracle E-Business Suite の Oracle Applications Platform Engineering コンポーネントにおける機密性に影響を及ぼされる脆弱性 Oracle E-Business Suite の Oracle Applications Platform Engineering コンポーネントには、機密性に影響を及ぼされる脆弱性が存在します。 CVE-2008-5450 35563 1.2 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001656.html  View