Vulnerability Name: CVE-2006-3716 (CCN-27897) Assigned: 2006-07-18 Published: 2006-07-18 Updated: 2018-10-18 Summary: Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS01 for Internet Expenses; (2) APPS02, (3) APPS05, (4) APPS06, (5) APPS07, (6) APPS08, (7) APPS09, and (8) APPS10 for Oracle Application Object Library; (9) APPS11, (10) APPS12, and (11) APPS13 for Oracle Applications Technology Stack; (12) APPS14 for Oracle Call Center Technology; (13) APPS15 for Oracle Common Applications; (14) APPS18 for Oracle Self-Service Web Applications; and (15) APPS19 for Oracle Workflow Cartridge. CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-Other Vulnerability Consequences: Informational References: Source: MITRECVE-2006-3698 CVE-2006-3699 CVE-2006-3700 CVE-2006-3701 CVE-2006-3702 CVE-2006-3703 CVE-2006-3704 CVE-2006-3705 CVE-2006-3706 CVE-2006-3707 CVE-2006-3708 CVE-2006-3709 CVE-2006-3710 CVE-2006-3711 CVE-2006-3712 CVE-2006-3713 CVE-2006-3714 CVE-2006-3715 CVE-2006-3716 CVE-2006-3717 CVE-2006-3718 CVE-2006-3719 CVE-2006-3720 CVE-2006-3721 CVE-2006-3722 CVE-2006-3723 CVE-2006-3724 Oracle Products Multiple Vulnerabilities 21111 HP Oracle for OpenView Multiple Vulnerabilities 21165 Oracle Database and Other Products Have Multiple Unspecified Vulnerabilities With Unspecified Impact 1016529 Oracle DBMS_EXPORT_EXTENSION package vulnerable to SQL injection Oracle Critical Patch Update Advisory - July 2006 http://www.oracle.com/technetwork/topics/security/cpujul2006-101315.html Oracle PeopleSoft Enterprise Portal Authenticated Unspecified Issue (PSE01) Oracle PeopleSoft Enterprise Portal Authenticated Unspecified Issue (PSE02) Oracle PeopleSoft JD Edwards HTML Server Unspecified Issue Oracle Enterprise Manager CORE: Repository HTTP Unspecified Issue Oracle Enterprise Manager Enterprise Config Management HTTP Unspecified Issue Oracle Enterprise Manager Management Service HTTP Information Disclosure Oracle Enterprise Manager Management Service HTTP Unspecified Issue Oracle Collaboration Suite Calendar Authenticated HTTP Information Disclosure Oracle E-Business Suite Application Object Library Authenticated HTTP Information Disclosure Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Issue Oracle E-Business Suite Application Object Library HTTP Information Disclosure Oracle E-Business Suite Application Object Library Authenticated HTTP Information Disclosure Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Complex Issue Oracle E-Business Suite Application Object Library Authenticated HTTP Unspecified Trivial Issue Oracle E-Business Suite Application Object Library Unspecified Local Issue Oracle E-Business Suite Application Object Library HTTP Information Disclosure Oracle E-Business Suite Applications Technology Stack HTTP Unspecified Complex Issue Oracle E-Business Suite Applications Technology Stack HTTP Unspecified Trivial Issue Oracle E-Business Suite Applications Technology Stack HTTP Trivial Information Disclosure Oracle E-Business Suite Internet Expenses Authenticated HTTP Unspecified Issue Oracle E-Business Suite Call Center Technology Information Disclosure Oracle E-Business Suite Common Applications Information Disclosure Oracle E-Business Suite Exchange Unauthenticated Information Disclosure Oracle E-Business Suite Exchange Authenticated Information Disclosure Oracle E-Business Suite Self-Service Web Applications icx_ticket Authentication Bypass Oracle E-Business Suite Workflow Cartridge Information Disclosure Oracle E-Business Suite XML Gateway Unspecified Issue Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS01) Oracle Application Server OC4J HTTP Unspecified Authenticated Issue Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS03) Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS04) Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure (AS05) Oracle Application Server OC4J HTTP Unspecified Complex Limited Impact Issue Oracle Application Server OC4J HTTP Trivial DoS Oracle Application Server OC4J HTTP Trivial Limited Impact Information Disclosure Oracle Application Server OC4J HTTP Unspecified Complex Limited Impact Issue Oracle Application Server OC4J HTTP Trivial Information Disclosure Oracle Core RDBMS Nested Tables Unspecified DoS Oracle WebDAV Unspecified HTTP DoS Oracle Oracle Dictionary sys.dbms_ddl Unspecified Issue Oracle InterMedia ordsys.ordimgidxmethods Unspecified Issue Oracle ODBC Driver Call Procedure ref Cursor DoS Oracle XMLDB HTTP Unspecified DoS http://www.red-database-security.com/advisory/oracle_cpu_july_2006.html Details Oracle Critical Patch Update July 2006 - V1.02 HPSBMA02133 19054 Oracle July 2006 Security Update Multiple Vulnerabilities Oracle Products Contain Multiple Vulnerabilities TA06-200A ADV-2006-2863 ADV-2006-2947 Oracle Database SYS.DBMS_CDC_IMPDP SQL injection oracle-cpu-july2006(27897) oracle-cpu-july-2006(27897) Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:* OR cpe:/a:oracle:collaboration_suite:9.0.4.2:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.0:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.2.0.1:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:* OR cpe:/a:oracle:collaboration_suite:10.1.2:r1:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.4:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.8:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.9:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.2.0.2:r2:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_grid_control:10.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:* OR cpe:/a:oracle:enterpriseone:8.95:*:*:*:*:*:*:* OR cpe:/a:oracle:enterpriseone:8.96:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:* OR cpe:/a:oracle:pharmaceutical:4.5.0:*:*:*:*:*:*:* OR cpe:/a:oracle:pharmaceutical:4.5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:pharmaceutical:4.5.2:*:*:*:*:*:*:* BACK
oracle e-business suite 11.5.10.2
oracle database server 8.1.7.4
oracle database server 9.2.0.6 r2
oracle collaboration suite 9.0.4.2 r2
oracle database server 10.1.0.4 r1
oracle e-business suite 11.0
oracle application server 9.0.4.2
oracle application server 10.1.2.0.0 r2
oracle application server 10.1.2.0.1 r2
oracle application server 10.1.2.0.2 r2
oracle database server 10.2.0.1 r2
oracle database server 10.1.0.5 r1
oracle database server 9.2.0.7 r2
oracle collaboration suite 10.1.2 r1
oracle e-business suite 11.5.10
oracle peoplesoft enterprise portal 8.4
oracle peoplesoft enterprise portal 8.8
oracle peoplesoft enterprise portal 8.9
oracle database server 10.2.0.2 r2
oracle enterprise manager grid control 10.2.0.1
oracle application server 9.0.4.3
oracle enterpriseone 8.95
oracle enterpriseone 8.96
oracle e-business suite 11.5.7
oracle e-business suite 11.5.8
oracle e-business suite 11.5.9
oracle pharmaceutical 4.5.0
oracle pharmaceutical 4.5.1
oracle pharmaceutical 4.5.2
Denotes that component is vulnerable