CVE-2008-7238 - OpenCVE

Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confidentiality via unknown vectors related to the Oracle Applications Framework (APP03); remote authenticated users to affect confidentiality and integrity via unknown vectors related to the (3) CRM Technical Foundation (APP05) and (4) Oracle Application Object Library (APP06); and remote authenticated users to affect integrity and availability via unknown vectors related to (5) Oracle Applications Technology Stack (APP07).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	E-business Suite

Configuration 1 [-]

cpe:2.3:a:oracle:e-business_suite:12.0.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=120058413923005&w=2
http://secunia.com/advisories/28518
http://secunia.com/advisories/28556
http://securitytracker.com/id?1019218
http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html
http://www.osvdb.org/40284
http://www.osvdb.org/40286
http://www.osvdb.org/40288
http://www.osvdb.org/40289
http://www.osvdb.org/40290
http://www.securityfocus.com/bid/27229
http://www.us-cert.gov/cas/techalerts/TA08-017A.html
http://www.vupen.com/english/advisories/2008/0150
http://www.vupen.com/english/advisories/2008/0180

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-09-14T14:00:00

Updated: 2024-08-07T11:56:14.504Z

Reserved: 2009-09-14T00:00:00

Link: CVE-2008-7238

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-09-14T14:30:00.657

Modified: 2012-10-23T03:01:38.087

Link: CVE-2008-7238

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confidentiality via unknown vectors related to the Oracle Applications Framework (APP03); remote authenticated users to affect confidentiality and integrity via unknown vectors related to the (3) CRM Technical Foundation (APP05) and (4) Oracle Application Object Library (APP06); and remote authenticated users to affect integrity and availability via unknown vectors related to (5) Oracle Applications Technology Stack (APP07)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-10-23T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1019218", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1019218"}, {"name": "27229", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27229"}, {"name": "TA08-017A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html"}, {"name": "ADV-2008-0150", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0150"}, {"name": "40286", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/40286"}, {"name": "ADV-2008-0180", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0180"}, {"name": "40290", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/40290"}, {"name": "SSRT061201", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"}, {"name": "40284", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/40284"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html"}, {"name": "HPSBMA02133", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"}, {"name": "28556", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28556"}, {"name": "40288", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/40288"}, {"name": "28518", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28518"}, {"name": "40289", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/40289"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-7238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confidentiality via unknown vectors related to the Oracle Applications Framework (APP03); remote authenticated users to affect confidentiality and integrity via unknown vectors related to the (3) CRM Technical Foundation (APP05) and (4) Oracle Application Object Library (APP06); and remote authenticated users to affect integrity and availability via unknown vectors related to (5) Oracle Applications Technology Stack (APP07)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1019218", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1019218"}, {"name": "27229", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27229"}, {"name": "TA08-017A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html"}, {"name": "ADV-2008-0150", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0150"}, {"name": "40286", "refsource": "OSVDB", "url": "http://www.osvdb.org/40286"}, {"name": "ADV-2008-0180", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0180"}, {"name": "40290", "refsource": "OSVDB", "url": "http://www.osvdb.org/40290"}, {"name": "SSRT061201", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"}, {"name": "40284", "refsource": "OSVDB", "url": "http://www.osvdb.org/40284"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html"}, {"name": "HPSBMA02133", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"}, {"name": "28556", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28556"}, {"name": "40288", "refsource": "OSVDB", "url": "http://www.osvdb.org/40288"}, {"name": "28518", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28518"}, {"name": "40289", "refsource": "OSVDB", "url": "http://www.osvdb.org/40289"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:56:14.504Z"}, "title": "CVE Program Container", "references": [{"name": "1019218", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1019218"}, {"name": "27229", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27229"}, {"name": "TA08-017A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html"}, {"name": "ADV-2008-0150", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0150"}, {"name": "40286", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/40286"}, {"name": "ADV-2008-0180", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0180"}, {"name": "40290", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/40290"}, {"name": "SSRT061201", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"}, {"name": "40284", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/40284"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html"}, {"name": "HPSBMA02133", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"}, {"name": "28556", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28556"}, {"name": "40288", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/40288"}, {"name": "28518", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28518"}, {"name": "40289", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/40289"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-7238", "datePublished": "2009-09-14T14:00:00", "dateReserved": "2009-09-14T00:00:00", "dateUpdated": "2024-08-07T11:56:14.504Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:e-business_suite:12.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "1036B69E-013B-4492-B691-40BAC7C2F42A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confidentiality via unknown vectors related to the Oracle Applications Framework (APP03); remote authenticated users to affect confidentiality and integrity via unknown vectors related to the (3) CRM Technical Foundation (APP05) and (4) Oracle Application Object Library (APP06); and remote authenticated users to affect integrity and availability via unknown vectors related to (5) Oracle Applications Technology Stack (APP07)."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificada en Oracle E-Business Suite v12.0.3, permiten (1) a usuarios locales comprometer la confidencialidad e integridad a trav\u00e9s de vectores desconocidos relacionados con el componente Application SErver (APP01); (2) a atacantes remotos comprometer la confidencialidad a trav\u00e9s de vectores desconocidos relacionados con Oracle Applications Framework (APP03); usuarios autenticados en remoto comprometer la confidencialidad e integridad a trav\u00e9s de vectores desconocidos relacionados con (3)CRM Technical Foundation (APP05) y (4) Oracle Application Object Library (APP06); y a usuarios autenticados en remoto comprometer la integridad y disponibilidad a trav\u00e9s de vectores desconocidos relacionados con (5) Oracle Applications Technology Stack (APP07)."}], "id": "CVE-2008-7238", "lastModified": "2012-10-23T03:01:38.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-09-14T14:30:00.657", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=120058413923005&w=2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28518"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28556"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1019218"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/cpujan2008-086860.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/40284"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/40286"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/40288"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/40289"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/40290"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/27229"}, {"source": "cve@mitre.org", "tags": ["Patch", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-017A.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/0150"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.vupen.com/english/advisories/2008/0180"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}