Published:2013/07/22 Last Updated:2013/07/22
JVN#26103805
Oracle Enterprise Manager vulnerable to cross-site scripting
Overview
Oracle Enterprise Manager contains a cross-site scripting vulnerability.
Products Affected
- Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5
- Oracle Database 11g Release 1, version 11.1.0.7
Description
Oracle Enterprise Manager provided by Oracle contains a cross-site scripting vulnerability.
Impact
An arbitrary script may be executed on the user's web browser.
Solution
Apply an Update
Update to the latest version according to the information provided by the developer.
Vendor Status
| Vendor | Link |
| Oracle | Oracle Critical Patch Update Advisory - July 2013 |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Masashi Shiraishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2013-3791 |
| JVN iPedia |
JVNDB-2013-003391 |