Vulnerability Name: CVE-2006-3716 (CCN-27897)
Assigned: 2006-07-18
Published: 2006-07-18
Updated: 2018-10-18
Summary: Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS01 for Internet Expenses; (2) APPS02, (3) APPS05, (4) APPS06, (5) APPS07, (6) APPS08, (7) APPS09, and (8) APPS10 for Oracle Application Object Library; (9) APPS11, (10) APPS12, and (11) APPS13 for Oracle Applications Technology Stack; (12) APPS14 for Oracle Call Center Technology; (13) APPS15 for Oracle Common Applications; (14) APPS18 for Oracle Self-Service Web Applications; and (15) APPS19 for Oracle Workflow Cartridge.

CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Changed
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): High
    Availability (A): High

CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete

CVSS v2 Severity: 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete

Vulnerability Type: CWE-Other
Vulnerability Consequences: Informational

References:
  Source: MITRE | Type: CNA | CVE-2006-3698
  Source: MITRE | Type: CNA | CVE-2006-3699
  Source: MITRE | Type: CNA | CVE-2006-3700
  Source: MITRE | Type: CNA | CVE-2006-3701
  Source: MITRE | Type: CNA | CVE-2006-3702
  Source: MITRE | Type: CNA | CVE-2006-3703
  Source: MITRE | Type: CNA | CVE-2006-3704
  Source: MITRE | Type: CNA | CVE-2006-3705
  Source: MITRE | Type: CNA | CVE-2006-3706
  Source: MITRE | Type: CNA | CVE-2006-3707
  Source: MITRE | Type: CNA | CVE-2006-3708
  Source: MITRE | Type: CNA | CVE-2006-3709
  Source: MITRE | Type: CNA | CVE-2006-3710
  Source: MITRE | Type: CNA | CVE-2006-3711
  Source: MITRE | Type: CNA | CVE-2006-3712
  Source: MITRE | Type: CNA | CVE-2006-3713
  Source: MITRE | Type: CNA | CVE-2006-3714
  Source: MITRE | Type: CNA | CVE-2006-3715
  Source: MITRE | Type: CNA | CVE-2006-3716
  Source: MITRE | Type: CNA | CVE-2006-3717
  Source: MITRE | Type: CNA | CVE-2006-3718
  Source: MITRE | Type: CNA | CVE-2006-3719
  Source: MITRE | Type: CNA | CVE-2006-3720
  Source: MITRE | Type: CNA | CVE-2006-3721
  Source: MITRE | Type: CNA | CVE-2006-3722
  Source: MITRE | Type: CNA | CVE-2006-3723
  Source: MITRE | Type: CNA | CVE-2006-3724
  Source: CCN | Type: SA21111 | Oracle Products Multiple Vulnerabilities
  Source: SECUNIA | Type: UNKNOWN | 21111
  Source: CCN | Type: SA21165 | HP Oracle for OpenView Multiple Vulnerabilities
  Source: SECUNIA | Type: UNKNOWN | 21165
  Source: CCN | Type: SECTRACK ID: 1016529 | Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact
  Source: SECTRACK | Type: UNKNOWN | 1016529
  Source: CCN | Type: US-CERT VU#932124 | Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection
  Source: CCN | Type: Oracle Web site | Oracle Critical Patch Update Advisory - July 2006
  Source: CONFIRM | Type: UNKNOWN | http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html
  Source: CCN | Type: OSVDB ID: 28849 | Oracle PeopleSoft Enterprise Portal Authenticated Unspecified Issue (PSE01)
  Source: CCN | Type: OSVDB ID: 28850 | Oracle PeopleSoft Enterprise Portal Authenticated Unspecified Issue (PSE02)
  Source: CCN | Type: OSVDB ID: 28851 | Oracle PeopleSoft JD Edwards HTML Server Unspecified Issue
  Source: CCN | Type: OSVDB ID: 28852 | Oracle Enterprise Manager CORE: Repository HTTP Unspecified Issue
  Source: CCN | Type: OSVDB ID: 28853 | Oracle Enterprise Manager Enterprise Config Management HTTP Unspecified Issue
  Source: CCN | Type: OSVDB ID: 28854 | Oracle Enterprise Manager Management Service HTTP Information Disclosure
  Source: CCN | Type: OSVDB ID: 28855 | Oracle Enterprise Manager Management Service HTTP Unspecified Issue
  Source: CCN | Type: OSVDB ID: 28856 | Oracle Collaboration Suite Calendar Authenticated HTTP Information Disclosure
  Source: CCN | Type: OSVDB ID: 28857 | Oracle E-Business Suite Application Object Library Authenticated HTTP Information Disclosure
  Source: CCN | Type: OSVDB ID: 28858 | Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Issue
  Source: CCN | Type: OSVDB ID: 28859 | Oracle E-Business Suite Application Object Library HTTP Information Disclosure
  Source: CCN | Type: OSVDB ID: 28861 | Oracle E-Business Suite Application Object Library Authenticated HTTP Information Disclosure
  Source: CCN | Type: OSVDB ID: 28862 | Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Complex Issue
  Source: CCN | Type: OSVDB ID: 28863 | Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Trivial Issue
  Source: CCN | Type: OSVDB ID: 28864 | Oracle E-Business Suite Application Object Library Unspecified Local Issue
  Source: CCN | Type: OSVDB ID: 28865 | Oracle E-Business Suite Application Object Library HTTP Information Disclosure
  Source: CCN | Type: OSVDB ID: 28866 | Oracle E-Business Suite Applications Technology Stack HTTP Unspecified Complex Issue
  Source: CCN | Type: OSVDB ID: 28867 | Oracle E-Business Suite Applications Technology Stack HTTP Unspecified Trivial Issue
  Source: CCN | Type: OSVDB ID: 28868 | Oracle E-Business Suite Applications Technology Stack HTTP Trivial Information Disclosure
  Source: CCN | Type: OSVDB ID: 28869 | Oracle E-Business Suite Internet Expenses Authenticated HTTP Unspecified Issue
  Source: CCN | Type: OSVDB ID: 28870 | Oracle E-Business Suite Call Center Technology Information Disclosure
  Source: CCN | Type: OSVDB ID: 28871 | Oracle E-Business Suite Common Applications Information Disclosure
  Source: CCN | Type: OSVDB ID: 28872 | Oracle E-Business Suite Exchange Unauthenticated Information Disclosure
  Source: CCN | Type: OSVDB ID: 28873 | Oracle E-Business Suite Exchange Authenticated Information Disclosure
  Source: CCN | Type: OSVDB ID: 28874 | Oracle E-Business Suite Self-Service Web Applications icx_ticket Authentication Bypass
  Source: CCN | Type: OSVDB ID: 28875 | Oracle E-Business Suite Workflow Cartridge Information Disclosure
  Source: CCN | Type: OSVDB ID: 28876 | Oracle E-Business Suite XML Gateway Unspecified Issue
  Source: CCN | Type: OSVDB ID: 28877 | Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS01)
  Source: CCN | Type: OSVDB ID: 28878 | Oracle Application Server OC4J HTTP Unspecified Authenticated Issue
  Source: CCN | Type: OSVDB ID: 28879 | Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS03)
  Source: CCN | Type: OSVDB ID: 28880 | Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS04)
  Source: CCN | Type: OSVDB ID: 28881 | Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS05)
  Source: CCN | Type: OSVDB ID: 28882 | Oracle Application Server OC4J HTTP Unspecified Complex Limited Impact Issue
  Source: CCN | Type: OSVDB ID: 28883 | Oracle Application Server OC4J HTTP Trivial DoS
  Source: CCN | Type: OSVDB ID: 28884 | Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure
  Source: CCN | Type: OSVDB ID: 28885 | Oracle Application Server OC4J HTTP Unspecified Complex Limited Impact Issue
  Source: CCN | Type: OSVDB ID: 28886 | Oracle Application Server OC4J HTTP Trivial Information Disclosure
  Source: CCN | Type: OSVDB ID: 28893 | Oracle Core RDBMS Nested Tables Unspecified DoS
  Source: CCN | Type: OSVDB ID: 28895 | Oracle WebDAV Unspecified HTTP DoS
  Source: CCN | Type: OSVDB ID: 28896 | Oracle Oracle Dictionary sys.dbms_ddl Unspecified Issue
  Source: CCN | Type: OSVDB ID: 28898 | Oracle InterMedia ordsys.ordimgidxmethods Unspecified Issue
  Source: CCN | Type: OSVDB ID: 28906 | Oracle ODBC Driver Call Procedure ref Cursor DoS
  Source: CCN | Type: OSVDB ID: 28914 | Oracle XMLDB HTTP Unspecified DoS
  Source: MISC | Type: Patch, Vendor Advisory | http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html
  Source: CCN | Type: Red-Database-Security Web site | Details Oracle Critical Patch Update July 2006 - V1.02
  Source: HP | Type: UNKNOWN | HPSBMA02133
  Source: BID | Type: UNKNOWN | 19054
  Source: CCN | Type: BID-19054 | Oracle July 2006 Security Update Multiple Vulnerabilities
  Source: CCN | Type: US-CERT Technical Cyber Security Alert TA06-200A | Oracle Products Contain Multiple Vulnerabilities
  Source: CERT | Type: US Government Resource | TA06-200A
  Source: VUPEN | Type: UNKNOWN | ADV-2006-2863
  Source: VUPEN | Type: UNKNOWN | ADV-2006-2947
  Source: CCN | Type: ISS X-Force Database | Oracle Database SYS.DBMS_CDC_IMPDP SQL injection
  Source: XF | Type: UNKNOWN | oracle-cpu-july2006(27897)
  Source: XF | Type: UNKNOWN | oracle-cpu-july-2006(27897)

Vulnerable Configuration:
  Configuration 1:
    cpe:/a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*
  Configuration CCN 1:
    cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:* OR
    cpe:/a:oracle:collaboration_suite:9.0.4.2:r2:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:* OR
    cpe:/a:oracle:e-business_suite:11.0:*:*:*:*:*:*:* OR
    cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:* OR
    cpe:/a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:* OR
    cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:* OR
    cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:10.2.0.1:r2:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:* OR
    cpe:/a:oracle:collaboration_suite:10.1.2:r1:*:*:*:*:*:* OR
    cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:* OR
    cpe:/a:oracle:peoplesoft_enterprise_portal:8.4:*:*:*:*:*:*:* OR
    cpe:/a:oracle:peoplesoft_enterprise_portal:8.8:*:*:*:*:*:*:* OR
    cpe:/a:oracle:peoplesoft_enterprise_portal:8.9:*:*:*:*:*:*:* OR
    cpe:/a:oracle:database_server:10.2.0.2:r2:*:*:*:*:*:* OR
    cpe:/a:oracle:enterprise_manager_grid_control:10.2.0.1:*:*:*:*:*:*:* OR
    cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:* OR
    cpe:/a:oracle:enterpriseone:8.95:*:*:*:*:*:*:* OR
    cpe:/a:oracle:enterpriseone:8.96:*:*:*:*:*:*:* OR
    cpe:/a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:* OR
    cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:* OR
    cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:* OR
    cpe:/a:oracle:pharmaceutical:4.5.0:*:*:*:*:*:*:* OR
    cpe:/a:oracle:pharmaceutical:4.5.1:*:*:*:*:*:*:* OR
    cpe:/a:oracle:pharmaceutical:4.5.2:*:*:*:*:*:*:*

oracle e-business suite 11.5.10.2
oracle database server 8.1.7.4
oracle database server 9.2.0.6 r2
oracle collaboration suite 9.0.4.2 r2
oracle database server 10.1.0.4 r1
oracle e-business suite 11.0
oracle application server 9.0.4.2
oracle application server 10.1.2.0.0 r2
oracle application server 10.1.2.0.1 r2
oracle application server 10.1.2.0.2 r2
oracle database server 10.2.0.1 r2
oracle database server 10.1.0.5 r1
oracle database server 9.2.0.7 r2
oracle collaboration suite 10.1.2 r1
oracle e-business suite 11.5.10
oracle peoplesoft enterprise portal 8.4
oracle peoplesoft enterprise portal 8.8
oracle peoplesoft enterprise portal 8.9
oracle database server 10.2.0.2 r2
oracle enterprise manager grid control 10.2.0.1
oracle application server 9.0.4.3
oracle enterpriseone 8.95
oracle enterpriseone 8.96
oracle e-business suite 11.5.7
oracle e-business suite 11.5.8
oracle e-business suite 11.5.9
oracle pharmaceutical 4.5.0
oracle pharmaceutical 4.5.1
oracle pharmaceutical 4.5.2