U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:oracle:e-business_suite:11i:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 7 matching records.
Displaying matches 1 through 7.
Vuln ID Summary CVSS Severity
CVE-2007-5766

SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure.

Published: November 08, 2007; 3:46:00 PM -0500 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 7.5 HIGH
CVE-2007-2135

The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.

Published: April 24, 2007; 4:19:00 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 7.8 HIGH
CVE-2007-2170

The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.

Published: April 24, 2007; 4:19:00 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.4 HIGH
CVE-2007-2130

Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01.

Published: April 18, 2007; 2:19:00 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.0 HIGH
CVE-2004-0543

Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries.

Published: August 06, 2004; 12:00:00 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 10.0 HIGH
CVE-2004-0385

Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."

Published: June 01, 2004; 12:00:00 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 10.0 HIGH
CVE-2001-0528

Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges.

Published: August 14, 2001; 12:00:00 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 7.2 HIGH