Executive Summary
| Summary | |
|---|---|
| Title | HP Oracle for OpenView (OfO) Critical Patch Update |
| Informations | |||
|---|---|---|---|
| Name | HPSBMA02133 SSRT061201 | First vendor Publication | 2006-07-19 |
| Vendor | HP | Last vendor Modification | 2008-07-15 |
| Severity (Vendor) | N/A | Revision | 9 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Oracle® has issued a Critical Patch Update which contains solutions for a number of potential security vulnerabilities. These vulnerabilities may be exploited locally or remotely to compromise the confidentiality, availability or integrity of Oracle for OpenView (OfO). |
Original Source
| Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143 |
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2007-07-12 | Oracle Database SQL Compiler Views Unauthorized Manipulation |
| 2007-07-19 | Oracle 9i/10g Evil Views - Change Passwords Exploit |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-12-07 | Name : Oracle Database Server Multiple Components Multiple Vulnerabilities File : nvt/gb_oracle_database_server_mult_comp_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 40011 | Oracle E-Business Suite Payables Payable User Unspecified Remote Information ... |
| 40010 | Oracle E-Business Suite Payables Payable User Unspecified Remote Information ... |
| 40009 | Oracle E-Business Suite Payables Payable User Unspecified Remote Information ... |
| 40008 | Oracle E-Business Suite iRecruitment Administrator Unspecified Remote Informa... |
| 40007 | Oracle E-Business Suite Human Resources Unspecified Remote Information Disclo... |
| 40006 | Oracle E-Business Suite Application Object Library Unspecified Remote Informa... |
| 40005 | Oracle E-Business Suite Payments Unspecified Remote Information Disclosure |
| 40004 | Oracle E-Business Suite Customer Intelligence Unspecified Remote Information ... |
| 40003 | Oracle E-Business Suite Application Object Library HTTP Unspecified Remote In... |
| 40002 | Oracle E-Business Suite Application Object Library HTTP Unspecified Remote In... |
| 40001 | Oracle E-Business Suite Application Object Library HTTP Unspecified Remote In... |
| 40000 | Oracle E-Business Suite iExpenses HTTP Unspecified Remote Issue |
| 39999 | Oracle E-Business Suite Configurator HTTP Unspecified Remote Issue |
| 39998 | Oracle E-Business Suite Customer Intelligence Unspecified Remote Unauthentica... |
| 39997 | Oracle Database SQL Compiler Views Unauthorized Manipulation |
| 39996 | Oracle Database Spatial MDSYS.RTREE_IDX Unspecified Remote DoS |
| 39994 | Oracle Database Spatial MDSYS.SDO_GEOR_INT Unspecified Remote DoS |
| 39993 | Oracle Database JavaVM Unspecified Remote Issue |
| 39992 | Oracle Database Progam Interface Unspecified Remote DoS |
| 39991 | Oracle Database Spatial MDSYS.MD Unspecified Overflow |
| 39990 | Oracle Database Rules Manager EXFSYS.DBMS_RLMGR_UTL Unspecified Remote Issue |
| 39989 | Oracle Database PL/SQL SYS.DBMS_STANDARD Unspecified Remote Issue |
| 39987 | Oracle Database Text Session Creation Unspecified Remote Issue (DB09) |
| 39986 | Oracle Database Text CTXSYS.DRVXMD Unspecified Remote Issue |
| 39985 | Oracle Database Text CTXSYS.DRI_MOVE_CTXSYS Unspecified Remote Issue |
| 39984 | Oracle Database Text CTXSYS.DRVXMD Unspecified Remote Issue |
| 39983 | Oracle Database Text Session Creation Unspecified Remote Issue (DB05) |
| 39978 | Oracle Database Data Mining DMSYS.DMP_SYS Unspecified Remote Issue |
| 39977 | Oracle Database DataGuard SYS.DBMS_DRS.GET_PROPERTY Remote Overflow |
| 39976 | Oracle Database Advanced Queuing SYS.DBMS_PRVTAQIS Unspecified SQL Injection |
| 39975 | Oracle Database JavaVM DBMS_JAVA_TEST DBMS_PRVTAQIS SQL Injection |
| 39974 | Oracle Internet Directory LDAP Unspecified Remote Information Disclosure |
| 39973 | Oracle JDeveloper JBO.SERVER HTTP Unspecified Local Issue |
| 39972 | Oracle JDeveloper JBO.KEY Unspecified Remote DoS |
| 39971 | Oracle Application Server Single Sign On (SSO) HTTP Unspecified Remote Issue |
| 39970 | Oracle Application Express wwv_flow_security.check_db_password Function SQL I... |
| 39969 | Oracle Instant Messaging/Presence HTTP Unspecified Remote Issue |
| 39968 | Oracle PeopleSoft Human Capital Management Unspecified Local Information Disc... PeopleSoft Human Capital Management (HCM) contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when a manager with access to the "View Employee Personal Info" component creates a URL pointing to the component while specifying an alternate employee ID, which will disclose the addresses of employees who may not report to them resulting in a loss of confidentiality. |
| 39967 | Oracle PeopleSoft Human Capital Management Unspecified Local Issue PeopleSoft Human Capital Management contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when a manager with access to Absence Management components alters a URL substituting another employee ID, which will disclose and allow the editing of the absence information of an employee who may not report to the manager, resulting in a loss of confidentiality and integrity. |
| 39966 | Oracle PeopleSoft Customer Relationship Management Online Marketing HTTP Unsp... PeopleSoft CRM Online Marketing contains a flaw related to what may be the login component that may allow an attacker to capture usernames and passwords. No further details have been provided. |
| 39965 | Oracle PeopleSoft Customer Relationship Management Online Marketing Unspecifi... PeopleSoft CRM Online Marketing contains a flaw related where a "password is passed unencrypted from DES to AppServer", according to the vendor. No further details have been provided. |
| 39964 | Oracle PeopleSoft PeopleTools PIA Component Unspecified XSS (PSE03) PeopleSoft PeopleTools contains a flaw that allows a remote cross site scripting attack. This flaw exists because of a validation issue inside the PeopleSoft Internet Architecture (PIA). This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 39963 | Oracle PeopleSoft PeopleTools Reporting Run Control Parameters Unspecified Re... PeopleSoft PeopleTools contains a flaw related to run control parameters in reporting. No further details have been provided. |
| 39962 | Oracle PeopleSoft PeopleTools App Designer Component Unspecified Remote Issue PeopleSoft PeopleTools contains a flaw related to the App Designer component. No further details have been provided. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Oracle database SQL compiler read-only join auth bypass attempt RuleID : 17419 - Revision : 7 - Type : SERVER-ORACLE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-02-20 | Name : The remote host is running a vulnerable version of Oracle Apex. File : oracle_apex_pre301.nasl - Type : ACT_GATHER_INFO |
| 2012-01-24 | Name : The remote web server may be affected by multiple vulnerabilities. File : oracle_application_server_pci.nasl - Type : ACT_GATHER_INFO |
| 2011-11-16 | Name : The remote database server is affected by multiple vulnerabilities. File : oracle_rdbms_cpu_jul_2007.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2013-05-11 00:45:52 |
|
