3.5

CVE-2008-5446

Exploit

EPSS 0.36%
Veröffentlicht 14.01.2009 02:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert_us@oracle.com
Teams Watchlist Login
Unerledigt Login

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors.  NOTE: the previous information was obtained from the January 2009 CPU.  Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ E-business Suite Version11.5 Updatecu2

Oracle ≫ E-business Suite 12 Version12.0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.573

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:P/I:N/A:N

http://secunia.com/advisories/33525

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html

http://www.securityfocus.com/bid/33177

Exploit

http://www.vupen.com/english/advisories/2009/0115

Vendor Advisory

http://secniche.org/papers/orabs.pdf

http://www.securityfocus.com/archive/1/500171/100/0/threaded

http://www.securitytracker.com/id?1021568

https://nvd.nist.gov/vuln/detail/CVE-2008-5446

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-5446

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-5446

EUVD