Vulnerabilities > CVE-2016-0697 - Remote Security vulnerability in Oracle E-Business Suite

047910
CVSS 3.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
oracle
nessus

Summary

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows local users to affect confidentiality and integrity via unknown vectors.

Nessus

NASL familyMisc.
NASL idORACLE_E-BUSINESS_CPU_APR_2016.NASL
descriptionThe version of Oracle E-Business installed on the remote host is missing the April 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by vulnerabilities in the following components : - An unspecified flaw exists in the DB Privileges subcomponent of the Oracle Applications Object Library component. A local attacker can exploit this to impact confidentiality and integrity. (CVE-2016-0697) - An unspecified flaw exists in the Logout subcomponent of the Oracle Applications Object Library component. A context-dependent attacker can exploit this to impact integrity. (CVE-2016-3434) - An unspecified flaw exists in the Tasks subcomponent of the Oracle Common Applications Calendar component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3436) - An unspecified flaw exists in the Person Address Page subcomponent of the Oracle CRM Wireless component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3437) - An unspecified flaw exists in the Call Phone Number Page subcomponent of the Oracle CRM Wireless component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3439) - An unspecified flaw exists in the OAF Core subcomponent of the Oracle Applications Framework component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3447) - An unspecified flaw exists in the Wireless subcomponent of the Oracle Field Service. An unauthenticated, remote attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3466)
last seen2020-06-01
modified2020-06-02
plugin id90601
published2016-04-20
reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/90601
titleOracle E-Business Multiple Vulnerabilities (April 2016 CPU)