PT-2001-1734 · Oracle · Fndpub11I.Dll+1

Published

2001-08-14

Updated

2017-10-10

CVE-2001-0528

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x

Description: The issue allows local users to obtain the APPS schema password in cleartext from a debug file, potentially gaining privileges. This is due to the inclusion of a debug version of FNDPUB11I.DLL in the affected software.

Recommendations: For Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x, consider removing or restricting access to the debug version of FNDPUB11I.DLL to prevent the logging of sensitive information.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0528

Affected Products

Fndpub11I.Dll

Oracle E-Business Suite

PT-2001-1734 · Oracle · Fndpub11I.Dll+1

CVE-2001-0528

Related Identifiers

Affected Products

References · 5