CVE-2016-3439 - Unspecified vulnerability in Oracle CRM Technical Foundation 12.1.3
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | LOW |
Availability impact | NONE |
Summary
Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone Number Page.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
NASL family | Misc. |
NASL id | ORACLE_E-BUSINESS_CPU_APR_2016.NASL |
description | The version of Oracle E-Business installed on the remote host is missing the April 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by vulnerabilities in the following components : - An unspecified flaw exists in the DB Privileges subcomponent of the Oracle Applications Object Library component. A local attacker can exploit this to impact confidentiality and integrity. (CVE-2016-0697) - An unspecified flaw exists in the Logout subcomponent of the Oracle Applications Object Library component. A context-dependent attacker can exploit this to impact integrity. (CVE-2016-3434) - An unspecified flaw exists in the Tasks subcomponent of the Oracle Common Applications Calendar component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3436) - An unspecified flaw exists in the Person Address Page subcomponent of the Oracle CRM Wireless component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3437) - An unspecified flaw exists in the Call Phone Number Page subcomponent of the Oracle CRM Wireless component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3439) - An unspecified flaw exists in the OAF Core subcomponent of the Oracle Applications Framework component. A context-dependent attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3447) - An unspecified flaw exists in the Wireless subcomponent of the Oracle Field Service. An unauthenticated, remote attacker can exploit this to impact confidentiality and integrity. (CVE-2016-3466) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 90601 |
published | 2016-04-20 |
reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/90601 |
title | Oracle E-Business Multiple Vulnerabilities (April 2016 CPU) |
References
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.securitytracker.com/id/1035603
- https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3439