Description

Oracle EBS iesfootprint script is vulnerable to an SQL injection vulnerability, which may allow an attacker to execute malicious SQL statements in the OEBS database server.

Remediation

Upgrade to the latest version of Oracle E-Business Suite

References

[ERPSCAN-17-021] SQL Injection in E-Business Suite IESFOOTPRINT

Related Vulnerabilities

Oracle Application Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)

MyBB Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2018-1000502)

silverstripeCMS CVE-2019-12617 Vulnerability (CVE-2019-12617)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0093)

WordPress Other Vulnerability (CVE-2007-2627)

Severity

High

Classification

CVE-2017-3549 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Acumonitor SQL Injection Known Vulnerabilities