PT-2009-1274 · Oracle · Oracle Applications Framework+1

Published: 2009-01-14 · Updated: 2018-10-11 · CVE-2008-5446

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Oracle E-Business Suite versions 11.5.10 CU2 through 11.5.10 CU2
Oracle E-Business Suite versions 12.0.6 through 12.0.6

Description

The issue affects confidentiality and can be exploited by remote authenticated users via unknown vectors. There are claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.

Recommendations

For Oracle E-Business Suite version 11.5.10 CU2, restrict access to the "About Us Page" in the Oracle Applications Framework (OAF) to prevent unauthorized access to sensitive information.

For Oracle E-Business Suite version 12.0.6, restrict access to the "About Us Page" in the Oracle Applications Framework (OAF) to prevent unauthorized access to sensitive information.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.


Related identifiers

CVE-2008-5446

Affected products

Oracle Applications Framework
Oracle E-Business Suite