Release date:
Updated on:
Affected Systems:
Oracle E-Business Suite 11i 11.5.10.2
Oracle E-Business Suite 12 12.x
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 45870, 45861
CVE ID: CVE-2010-3589, CVE-2010-3587
Oracle E-Business Suite is a comprehensive suite of enterprise business applications.
Oracle E-Business Suite contains security vulnerabilities. Remote attackers can exploit them to leak sensitive information and manipulate certain data.
1) An unspecified error exists in the Oracle Common Applications User Management component, which can be exploited to gain unauthorized insert, delete, and update access to a subset of the accessible data.
2) An unspecified error exists in the Oracle Application Object Library Logout component, which can be exploited to gain unauthorized read, insert, delete, and update access to a subset of the accessible data.
<* Source: Oracle *>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Oracle
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.oracle.com