Security Vulnerability in E-Business Suite Release 11i

Creation Date: 12-FEB-2003
Last Revision Date: 03-MAR-2003

Versions Affected

E-Business Suite Release 11i: v 11.5.6, v 11.5.7, v 11.5.8

Platforms Affected

All Platforms

Description

A potential security vulnerability has been discovered in the E-Business Suite Release 11i, which may permit a knowledgeable and malicious user to gain unauthorized access to the E-business Suite system.

Patches

Oracle has fixed the potential security vulnerability identified above under the following patch numbers. Future releases of the E-Business Suite Release 11i will contain the fix by default.

v 11.5.6: Patch number 2790807
v 11.5.7: Patch number 2790807
v 11.5.8: Patch number 2790864

It is important that you review the patch readme for specific instructions. If you have an earlier release of E-Business Suite (v 11.5.5 or earlier), you do not have the vulnerability and you must not apply any patch. If you later upgrade to an affected release level of E-Business Suite Release 11i as indicated above, you must apply one of the corresponding patches listed above.

The patch needs to be applied by any E-Business Suite customer at 11.5.6, 11.5.7, or 11.5.8. This issue affects ERP-only customers as well even though the security vulnerability was discovered in a CRM product.

Download currently available patches from Oracle Support Services web site, MetaLink, (http://metalink.oracle.com). Activate the 'Patches' button to get to the patches web page. Enter the patch number as indicated above, select your platform and press the 'Go' button.

Oracle strongly recommends that you comprehensively test the stability of your system upon application of any patch prior to deleting any of the original file(s) that are replaced by the patch.