Description
Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key.
Product(s):
- Oracle Oracle Applications 10.7
- Oracle Oracle Applications 11.0
- Oracle E-Business Suite 11i 11.1
- Oracle E-Business Suite 11i 11.2
- Oracle E-Business Suite 11i 11.3
- Oracle E-Business Suite 11i 11.4
- Oracle E-Business Suite 11i 11.5
- Oracle E-Business Suite 11i 11.5 CU2
- Oracle E-Business Suite 11i 11.6
- Oracle E-Business Suite 11i 11.7
- Oracle E-Business Suite 11i 11.8
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2003-0633, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2003-0633 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.