CVE-2010-0859

Vulnerability

CVE-2010-0859 is an unspecified vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite, specifically in version 11.5.10.2 ATG RUP6. The official description indicates that the vulnerability is exploitable remotely via unknown vectors. The US-CERT advisory [1] confirms that Oracle E-Business Suite Release 11i versions 11.5.10 and 11.5.10.2 are among the affected products in the April 2010 Critical Patch Update.

Exploitation

An attacker can exploit this vulnerability remotely without requiring authentication, as the vectors are unspecified but accessible over the network. The exact steps are not disclosed, but the vulnerability is triggered through the Oracle Application Object Library component, likely via crafted HTTP requests or other network-based interactions.

Impact

Successful exploitation allows a remote attacker to affect the confidentiality and integrity of the target system. This could lead to unauthorized disclosure of sensitive information or unauthorized modification of data. No impact on availability is reported.

Mitigation

Oracle addressed this vulnerability in the Critical Patch Update for April 2010 [1]. Organizations should apply the relevant patch provided by Oracle for Oracle E-Business Suite Release 11i. No workarounds are documented; upgrading to the patched version is the recommended mitigation.