Vulnerabilities > CVE-2016-0697 - Unspecified vulnerability in Oracle Application Object Library
Attack vector
LOCAL Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows local users to affect confidentiality and integrity via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
| NASL family | Misc. |
| NASL id | ORACLE_E-BUSINESS_CPU_APR_2016.NASL |
| description | The version of Oracle E-Business installed on the remote host is missing the April 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by vulnerabilities in the following components : - An unspecified flaw exists in the DB Privileges subcomponent of the Oracle Applications Object Library component. A local attacker can exploit this to impact confidentiality and integrity. (CVE-2016-0697) - An unspecified flaw exists in the Logout subcomponent of the Oracle Applications Object Library component. A context-dependent attacker can exploit this to impact integrity. (CVE-2016-3434) - An unspecified flaw exists in the Tasks subcomponent of the Oracle Common Applications Calendar component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3436) - An unspecified flaw exists in the Person Address Page subcomponent of the Oracle CRM Wireless component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3437) - An unspecified flaw exists in the Call Phone Number Page subcomponent of the Oracle CRM Wireless component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3439) - An unspecified flaw exists in the OAF Core subcomponent of the Oracle Applications Framework component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3447) - An unspecified flaw exists in the Wireless subcomponent of the Oracle Field Service. An unauthenticated, remote attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3466) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 90601 |
| published | 2016-04-20 |
| reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/90601 |
| title | Oracle E-Business Multiple Vulnerabilities (April 2016 CPU) |