CVE-2016-3436 - Unspecified vulnerability in Oracle Common Applications Calendar 12.1.1/12.1.2/12.1.3
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | LOW |
Availability impact | NONE |
Summary
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Nessus
NASL family | Misc. |
NASL id | ORACLE_E-BUSINESS_CPU_APR_2016.NASL |
description | The version of Oracle E-Business installed on the remote host is missing the April 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by vulnerabilities in the following components : - An unspecified flaw exists in the DB Privileges subcomponent of the Oracle Applications Object Library component. A local attacker can exploit this to impact confidentiality and integrity. (CVE-2016-0697) - An unspecified flaw exists in the Logout subcomponent of the Oracle Applications Object Library component. A context-dependent attacker can exploit this to impact integrity. (CVE-2016-3434) - An unspecified flaw exists in the Tasks subcomponent of the Oracle Common Applications Calendar component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3436) - An unspecified flaw exists in the Person Address Page subcomponent of the Oracle CRM Wireless component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3437) - An unspecified flaw exists in the Call Phone Number Page subcomponent of the Oracle CRM Wireless component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3439) - An unspecified flaw exists in the OAF Core subcomponent of the Oracle Applications Framework component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3447) - An unspecified flaw exists in the Wireless subcomponent of the Oracle Field Service. An unauthenticated, remote attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3466) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 90601 |
published | 2016-04-20 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/90601 |
title | Oracle E-Business Multiple Vulnerabilities (April 2016 CPU) |
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.securitytracker.com/id/1035603
- https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3436