) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:oracle:e-business_suite:11.2:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2007-2135 |
The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. Published: April 24, 2007; 4:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
| CVE-2007-2170 |
The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. Published: April 24, 2007; 4:19:00 PM -0400 |
V3.x:(not available) V2.0: 9.4 HIGH |
| CVE-2007-2130 |
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01. Published: April 18, 2007; 2:19:00 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
| CVE-2005-3456 |
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge. Published: November 02, 2005; 6:03:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2005-3457 |
Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS. Published: November 02, 2005; 6:03:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
| CVE-2003-1116 |
The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener. Published: December 31, 2003; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2003-0632 |
Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL. Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2003-0633 |
Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key. Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2002-1666 |
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL. Published: December 31, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2002-1882 |
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. Published: December 31, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |