CVE-2007-3866 - OpenCVE

Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Oracle	E-business Suite

Configuration 1 [-]

OR	cpe:2.3:a:oracle:e-business_suite:11.5.10.2:::::::*
	cpe:2.3:a:oracle:e-business_suite:12.0.1:::::::*

References

Link	Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143
http://secunia.com/advisories/26114	Vendor Advisory
http://secunia.com/advisories/26166
http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf
http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html
http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html
http://www.securityfocus.com/archive/1/474515/100/0/threaded
http://www.securitytracker.com/id?1018415
http://www.us-cert.gov/cas/techalerts/TA07-200A.html	US Government Resource
http://www.vupen.com/english/advisories/2007/2562
http://www.vupen.com/english/advisories/2007/2635
https://exchange.xforce.ibmcloud.com/vulnerabilities/35490

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-18T19:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-07-18T00:00:00

Link: CVE-2007-3866

JSON object: View

NVD Information

Status : Modified

Published: 2007-07-18T19:30:00.000

Modified: 2018-10-15T21:31:51.067

Link: CVE-2007-3866

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "SSRT061201", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"}, {"name": "26114", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26114"}, {"name": "26166", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26166"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html"}, {"name": "TA07-200A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-200A.html"}, {"name": "ADV-2007-2562", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2562"}, {"name": "ADV-2007-2635", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2635"}, {"name": "HPSBMA02133", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"}, {"name": "oracle-cpu-july2007(35490)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490"}, {"tags": ["x_refsource_MISC"], "url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf"}, {"name": "1018415", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018415"}, {"name": "20070724 Oracle E-Business Suite - Multiple Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/474515/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3866", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "SSRT061201", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"}, {"name": "26114", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26114"}, {"name": "26166", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26166"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html"}, {"name": "TA07-200A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-200A.html"}, {"name": "ADV-2007-2562", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2562"}, {"name": "ADV-2007-2635", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2635"}, {"name": "HPSBMA02133", "refsource": "HP", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"}, {"name": "oracle-cpu-july2007(35490)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490"}, {"name": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf", "refsource": "MISC", "url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf"}, {"name": "1018415", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018415"}, {"name": "20070724 Oracle E-Business Suite - Multiple Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/474515/100/0/threaded"}, {"name": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html", "refsource": "MISC", "url": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3866", "datePublished": "2007-07-18T19:00:00", "dateReserved": "2007-07-18T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "80B61990-9CC2-4215-9879-AC817F4E6767", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:e-business_suite:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "610AE265-C18D-4895-8034-5DB331DC68DF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 and 12.0.1 allow remote attackers to have an unknown impact via (a) Oracle Configurator (APPS02), (b) Oracle iExpenses (APPS03), (c) Oracle Application Object Library (APPS09), and (1) APPS12, (2) APPS13, and (3) APPS14 in (d) Oracle Payables."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades sin especificar en el Oracle E-Business Suite 11.5.10CU2 y 12.0.1 permiten a atacantes remotos tener un impacto desconocido a trav\u00e9s de (a) el Oracle Configurator (APPS02), (b) el Oracle iExpenses (APPS03), (c) el Oracle Application Object Library (APPS09) y (1) APPS12, (2) APPS13 y (3) APPS14 en el (d) Oracle Payables."}], "evaluatorImpact": "As the impact type is unspecified, it has been set to a default value of \"Obtain Other Access (e.g. application account).\"", "id": "CVE-2007-3866", "lastModified": "2018-10-15T21:31:51.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-18T19:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26114"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26166"}, {"source": "cve@mitre.org", "url": "http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html"}, {"source": "cve@mitre.org", "url": "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/474515/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018415"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-200A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2562"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2635"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}