Vulnerability Name:

CVE-2007-0297 (CCN-31541)

Assigned: 2007-01-16
Published: 2007-01-16
Updated: 2017-07-29
Summary: Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.47.11 and 8.48.06 has unknown impact and attack vectors in PeopleTools, aka PSE03.
CVSS v3 Severity: 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Informational
References:

Source: MITRE
Type: CNA
CVE-2007-0268

Source: MITRE
Type: CNA
CVE-2007-0269

Source: MITRE
Type: CNA
CVE-2007-0270

Source: MITRE
Type: CNA
CVE-2007-0271

Source: MITRE
Type: CNA
CVE-2007-0272

Source: MITRE
Type: CNA
CVE-2007-0273

Source: MITRE
Type: CNA
CVE-2007-0274

Source: MITRE
Type: CNA
CVE-2007-0275

Source: MITRE
Type: CNA
CVE-2007-0276

Source: MITRE
Type: CNA
CVE-2007-0277

Source: MITRE
Type: CNA
CVE-2007-0278

Source: MITRE
Type: CNA
CVE-2007-0279

Source: MITRE
Type: CNA
CVE-2007-0280

Source: MITRE
Type: CNA
CVE-2007-0281

Source: MITRE
Type: CNA
CVE-2007-0282

Source: MITRE
Type: CNA
CVE-2007-0283

Source: MITRE
Type: CNA
CVE-2007-0284

Source: MITRE
Type: CNA
CVE-2007-0285

Source: MITRE
Type: CNA
CVE-2007-0286

Source: MITRE
Type: CNA
CVE-2007-0287

Source: MITRE
Type: CNA
CVE-2007-0288

Source: MITRE
Type: CNA
CVE-2007-0289

Source: MITRE
Type: CNA
CVE-2007-0290

Source: MITRE
Type: CNA
CVE-2007-0291

Source: MITRE
Type: CNA
CVE-2007-0292

Source: MITRE
Type: CNA
CVE-2007-0293

Source: MITRE
Type: CNA
CVE-2007-0294

Source: MITRE
Type: CNA
CVE-2007-0295

Source: MITRE
Type: CNA
CVE-2007-0296

Source: MITRE
Type: CNA
CVE-2007-0297

Source: CCN
Type: SA23794
Oracle Products Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
23794

Source: CCN
Type: SECTRACK ID: 1017522
Oracle Database and Other Products Have 52 Unspecified Vulnerabilities With Unspecified Impact

Source: SECTRACK
Type: UNKNOWN
1017522

Source: CCN
Type: US-CERT VU#221788
Oracle SYS.DBMS_AQ package vulnerable to PL/SQL injection

Source: CCN
Type: Oracle Critical Patch Update - January 2007
Oracle Critical Patch Update Advisory - January 2007

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

Source: CCN
Type: OSVDB ID: 32872
Oracle PeopleSoft PeopleTools PIA Component HTTP Unspecified Remote DoS

Source: CCN
Type: OSVDB ID: 32873
Oracle PeopleSoft PeopleTools PIA Component HTTP Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32874
Oracle PeopleSoft PeopleTools HTTP Unspecified Authenticated XSS

Source: CCN
Type: OSVDB ID: 32880
Oracle Enterprise Manager Cloning & Data Guard Management Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32881
Oracle HTTP Server SSL Module Unspecified Remote Issue (OHS01)

Source: CCN
Type: OSVDB ID: 32882
Oracle HTTP Server SSL Module Unspecified Remote Issue (OHS02)

Source: CCN
Type: OSVDB ID: 32883
Oracle HTTP Server Unspecified Issue (OHS03)

Source: CCN
Type: OSVDB ID: 32884
Oracle HTTP Server Unspecified Issue (OHS04)

Source: CCN
Type: OSVDB ID: 32885
Oracle HTTP Server SSL Module Unspecified Remote DoS (OHS05)

Source: CCN
Type: OSVDB ID: 32886
Oracle HTTP Server SSL Module Unspecified Remote DoS (OHS06)

Source: CCN
Type: OSVDB ID: 32887
Oracle HTTP Server Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32888
Oracle E-Business Suite Application Object Library HTTP Authenticated Unspecified Issue

Source: CCN
Type: OSVDB ID: 32889
Oracle E-Business Suite Exchange HTTP Negotiations User Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32890
Oracle E-Business Suite Human Resources Administrator Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32891
Oracle E-Business Suite Payables User Account Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32892
Oracle E-Business Suite Trading Community Architecture Administrator Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32893
Oracle E-Business Suite Web Applications Desktop Integrator Unspecified Issue

Source: CCN
Type: OSVDB ID: 32894
Oracle Multiple Products Reports Developer HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 32895
Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J01)

Source: CCN
Type: OSVDB ID: 32896
Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J02)

Source: CCN
Type: OSVDB ID: 32897
Oracle Multiple Products Containers for J2EE HTTP Unspecified Information Disclosure (OC4J03)

Source: CCN
Type: OSVDB ID: 32898
Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J04)

Source: CCN
Type: OSVDB ID: 32899
Oracle Collaboration Suite Containers for J2EE HTTP Unspecified Information Disclosure (OC4J05)

Source: CCN
Type: OSVDB ID: 32900
Oracle Collaboration Suite Containers for J2EE HTTP Unspecified Issue (OC4J06)

Source: CCN
Type: OSVDB ID: 32901
Oracle Multiple Products Containers for J2EE Unauthenticated Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32902
Oracle Multiple Products Containers for J2EE jazn.jar Local Information Disclosure

Source: CCN
Type: OSVDB ID: 32903
Oracle Application Server Internet Directory LDAP Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32904
Oracle Multiple Products Process Mgmt & Notification ONS OPMN Daemon Remote Format String (OPMN02)

Source: CCN
Type: OSVDB ID: 32906
Oracle Multiple Products Workflow Cartridge rwcgi60 genuser Parameter XSS

Source: CCN
Type: OSVDB ID: 32908
Oracle Database Change Data Capture sys.dbms_cdc_subscribe Unspecified Issue

Source: CCN
Type: OSVDB ID: 32916
Oracle Database Advanced Security Option oklist / okdstry Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32917
Oracle Database Export expdp / impdp Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32918
Oracle Database NLS Runtime lmsgen Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32919
Oracle Database Net Services tnslsnr Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32920
Oracle Database Text ctxkbtc Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 32922
Oracle Database Recovery Manager oklist Unspecified Local Issue

Source: CCN
Type: Red-Database-Security Web site
Details Oracle Critical Patch Update January 2007

Source: CCN
Type: BID-22008
Retired: Oracle January 2007 Advance Notification Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
22083

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA07-017A
Oracle Releases Patches for Multiple Vulnerabilities

Source: CERT
Type: Patch, US Government Resource
TA07-017A

Source: XF
Type: UNKNOWN
oracle-cpu-jan2007(31541)

Source: CCN
Type: IBM Internet Security Systems X-Force Database
Oracle Application Server EmChartBean directory traversal

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:oracle:enterpriseone:8.47.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterpriseone:8.48.06:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise:8.47.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise:8.48.06:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.3:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5::fips:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.1:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:6i:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_grid_control:10.2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.47:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.48:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:9.0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:10.1.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.3:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:identity_management_10g:10.1.4.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    oracle enterpriseone 8.47.11
    oracle enterpriseone 8.48.06
    oracle peoplesoft enterprise 8.47.11
    oracle peoplesoft enterprise 8.48.06
    oracle application server 1.0.2.2
    oracle database server 8.1.7.4
    oracle database server 9.2.0.6 r2
    oracle database server 10.1.0.3 r1
    oracle application server 9.0.4.1
    oracle database server 9.0.1.5
    oracle database server 10.1.0.4 r1
    oracle e-business suite 11.0
    oracle enterprise manager grid control 10.1.0.3
    oracle application server 9.0.4.2
    oracle enterprise manager grid control 10.1.0.4
    oracle application server 10.1.2.0.0 r2
    oracle application server 10.1.2.0.1 r2
    oracle application server 10.1.2.0.2 r2
    oracle database server 10.2.0.1 r2
    oracle database server 10.1.0.5 r1
    oracle database server 9.2.0.7 r2
    oracle e-business suite 11.5.10
    oracle developer suite 6i
    oracle database server 10.2.0.2 r2
    oracle enterprise manager grid control 10.2.0.1
    oracle application server 9.0.4.3
    oracle peoplesoft enterprise peopletools 8.22
    oracle peoplesoft enterprise peopletools 8.47
    oracle peoplesoft enterprise peopletools 8.48
    oracle developer suite 9.0.4.3
    oracle developer suite 10.1.2.0.2
    oracle database server 9.2.0.8 r2
    oracle database server 10.2.0.3 r2
    oracle identity management 10g 10.1.4.0.1
    oracle e-business suite 11.5.7
    oracle e-business suite 11.5.8
    oracle e-business suite 11.5.9