Published: 20/04/2011 Updated: 03/08/2012

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

VMScore: 375

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 GA up to and including 8.98.4.1 and OneWorld Tools up to and including 24.1.3 allows remote authenticated users to affect integrity, related to Web Runtime SEC.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle jd edwards enterpriseone 8.9
oracle peoplesoft and jdedwards product suite 8.9
oracle jd edwards enterpriseone 8.98.1.4
oracle jd edwards enterpriseone 8.98.2.1
oracle jd edwards enterpriseone ep 8.9
oracle jd edwards enterpriseone 8.9.18
oracle peoplesoft and jdedwards suite scm 8.9
oracle peoplesoft and jdedwards product suite 8.98.4.1
oracle enterpriseone tools 8.9
oracle oneworld tools

CYBSEC Security Advisory - Oracle JD Edwards EnterpriseOne suffers from multiple cross site scripting vulnerabilities ...

source: wwwsecurityfocuscom/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the attacker to steal cookie-based ...

source: wwwsecurityfocuscom/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the attacker to steal cookie-based auth ...

source: wwwsecurityfocuscom/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the attacker to steal cookie-based authenti ...

source: wwwsecurityfocuscom/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the attacker to steal cookie-based au ...

source: wwwsecurityfocuscom/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the attacker to steal cookie-based authen ...

NVD-CWE-noinfo http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html https://nvd.nist.gov https://packetstormsecurity.com/files/100649/Oracle-JD-Edwards-EnterpriseOne-Cross-Site-Scripting.html https://www.exploit-db.com/exploits/35642/

CVE-2011-0836

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect