Overview
Oracle Diagnostic Tools fail to properly authenticate users before granting access to tools and tool resources. This may allow a remote, unauthenticated attacker to access and execute diagnostic tools on an Oracle E-Business Suite installation.
Description
Oracle Diagnostic Tools
Oracle Diagnostic Tools is a collection of troubleshooting tools and routines for Oracle E-Business Suite 11i. For more information on specific features of Oracle Diagnostic Tools, please refer to Metalink Note ID 179661.1.
Impact
A remote, unauthenticated attacker may be able to access and run Oracle Diagnostic tools. Depending on the tool being accessed, this may allow the attacker to modify Oracle E-Business Suite settings or obtain sensitive information about an Oracle E-Business Suite installation.
Solution
Apply an update
Oracle has corrected this issue in Oracle Diagnostics Support Pack for February 2006. This update is available in Oracle Metalink 167000.1.
Acknowledgements
Information in this document came from Integrigy.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | None | 
| Severity Metric: | 15.30 | 
| Date Public: | 2006-02-24 | 
| Date First Published: | 2006-03-03 | 
| Date Last Updated: | 2006-03-09 12:50 UTC | 
| Document Revision: | 22 |