Vulnerabilities > CVE-2016-3436 - Unspecified vulnerability in Oracle Common Applications Calendar 12.1.1/12.1.2/12.1.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
LOW Availability impact
NONE Summary
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
| NASL family | Misc. |
| NASL id | ORACLE_E-BUSINESS_CPU_APR_2016.NASL |
| description | The version of Oracle E-Business installed on the remote host is missing the April 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by vulnerabilities in the following components : - An unspecified flaw exists in the DB Privileges subcomponent of the Oracle Applications Object Library component. A local attacker can exploit this to impact confidentiality and integrity. (CVE-2016-0697) - An unspecified flaw exists in the Logout subcomponent of the Oracle Applications Object Library component. A context-dependent attacker can exploit this to impact integrity. (CVE-2016-3434) - An unspecified flaw exists in the Tasks subcomponent of the Oracle Common Applications Calendar component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3436) - An unspecified flaw exists in the Person Address Page subcomponent of the Oracle CRM Wireless component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3437) - An unspecified flaw exists in the Call Phone Number Page subcomponent of the Oracle CRM Wireless component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3439) - An unspecified flaw exists in the OAF Core subcomponent of the Oracle Applications Framework component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3447) - An unspecified flaw exists in the Wireless subcomponent of the Oracle Field Service. An unauthenticated, remote attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3466) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 90601 |
| published | 2016-04-20 |
| reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/90601 |
| title | Oracle E-Business Multiple Vulnerabilities (April 2016 CPU) |