Vulnerability Description
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | E-Business Suite | 11.5 |
| Oracle | E-Business Suite 12 | 12.0.6 |
References
- http://secniche.org/papers/orabs.pdf
- http://secunia.com/advisories/33525Vendor Advisory
- http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html
- http://www.securityfocus.com/archive/1/500171/100/0/threaded
- http://www.securityfocus.com/bid/33177Exploit
- http://www.securitytracker.com/id?1021568
- http://www.vupen.com/english/advisories/2009/0115Vendor Advisory
- http://secniche.org/papers/orabs.pdf
- http://secunia.com/advisories/33525Vendor Advisory
- http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html
- http://www.securityfocus.com/archive/1/500171/100/0/threaded
- http://www.securityfocus.com/bid/33177Exploit
- http://www.securitytracker.com/id?1021568
- http://www.vupen.com/english/advisories/2009/0115Vendor Advisory
FAQ
What is CVE-2008-5446?
CVE-2008-5446 is a vulnerability with a CVSS score of 3.5 (LOW). Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vecto...
How severe is CVE-2008-5446?
CVE-2008-5446 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5446?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle E-Business Suite, Oracle E-Business Suite 12.