CVE-2007-2135
CVE-2007-2135 is a high-severity vulnerability in Oracle E-business Suite with a CVSS 2.0 base score of 7.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.8)
- EPSS exploit prediction: 2% (79th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Oracle E-business Suite
- Published:
- Last modified:
Description
The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.
Frequently asked questions
- What is CVE-2007-2135?
- The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.
- How severe is CVE-2007-2135?
- CVE-2007-2135 has a CVSS 2.0 base score of 7.8, rated high severity.
- Is CVE-2007-2135 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (79th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-2135?
- CVE-2007-2135 affects Oracle E-business Suite. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2007-2135?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2007-2135 published?
- CVE-2007-2135 was published on 2007-04-24 and last updated on 2026-06-16.
References
- http://osvdb.org/39959
- http://securityreason.com/securityalert/2612
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
- http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
- http://www.securityfocus.com/archive/1/466215/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-07-017.html
Affected products (1)
- cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*
More vulnerabilities in Oracle E-business Suite
- CVE-2015-4839 — Critical (CVSS 10.0): Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2…
- CVE-2015-4798 — Critical (CVSS 10.0): Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2…
- CVE-2008-1826 — Critical (CVSS 10.0): Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors…
- CVE-2008-0343 — Critical (CVSS 10.0): Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and…
- CVE-2008-0347 — Critical (CVSS 10.0): Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8,…
- CVE-2008-0340 — Critical (CVSS 10.0): Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have…