|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Sun Jan 17 2010 - 17:57:15 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Accurate Vulnerability Scanning
No more false positives, no more false negatives
http://secunia.com/vulnerability_scanning/
----------------------------------------------------------------------
TITLE:
Oracle E-Business Suite Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA38058
VERIFY ADVISORY:
http://secunia.com/advisories/38058/
DESCRIPTION:
Some vulnerabilities have been reported in Oracle E-Business Suite,
which can be exploited by malicious people to disclose potentially
sensitive information or manipulate certain data.
1) An error in the CRM Technical Foundation component can be
exploited to disclose or manipulate certain data.
2) An error in the Oracle HRMS component can be exploited to disclose
certain data.
3) An error in the Oracle Application Object Library component can be
exploited to manipulate certain data.
The vulnerabilities are reported in the following products and
versions:
* Oracle E-Business Suite Release 12 versions 12.0.4, 12.0.5, 12.0.6,
12.1.1, and 12.1.2
* Oracle E-Business Suite Release 11i version 11.5.10.2
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
For the vulnerabilities fixed in the January Critical Patch Update,
the vendor credits:
* Esteban Martinez Fayo, Application Security, Inc.
* Alexander Kornbrust, Red Database Security
* David Litchfield, NGS Software
* Brian Martin, INS.com
* Guy Pilosof, Sentrigo
* JPCERT/CC Vulnerability Handling Team
* Daiki Fukumori [Secure Sky Technology], JPCERT/CC Vulnerability
Handling Team
* Dennis Yurichev
ORIGINAL ADVISORY:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]