Vulnerabilities > CVE-2016-3520 - Unspecified vulnerability in Oracle E-Business Suite

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
oracle
nessus

Summary

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests.

Nessus

NASL familyMisc.
NASL idORACLE_E-BUSINESS_CPU_JUL_2016.NASL
descriptionThe version of Oracle E-Business installed on the remote host is missing the July 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Wireless Framework subcomponent within the CRM Technical Foundation component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3491) - An unspecified flaw exists in the Function Security subcomponent within the Customer Interaction History component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3512) - An unspecified flaw exists in the AOL diagnostic tests subcomponent within the Application Object Library component that allows an authenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3520) - An unspecified flaw exists in the Application Service subcomponent within the Web Applications Desktop Integrator component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3522) - An unspecified flaw exists in the Application Service subcomponent within the Web Applications Desktop Integrator component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3523) - An unspecified flaw exists in the Configuration subcomponent within the Applications Technology Stack component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3524) - An unspecified flaw exists in the Cookie Management subcomponent within the Applications Manager component that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3525) - An unspecified flaw exists in the Expenses Admin Utilities subcomponent within the Internet Expenses component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3528) - An unspecified flaw exists in the SDK client integration subcomponent within the Advanced Inbound Telephony component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3532) - An unspecified flaw exists in the Search subcomponent within the Knowledge Management component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3533) - An unspecified flaw exists in the Engineering Change Order subcomponent within the Installed Base component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3534) - An unspecified flaw exists in the Remote Launch subcomponent within the CRM Technical Foundation component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3535) - An unspecified flaw exists in the Deliverables subcomponent within the Marketing component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3536) - An unspecified flaw exists in the Notes subcomponent within the Common Applications Calendar component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3541) - An unspecified flaw exists in the Search/Browse subcomponent within the Knowledge Management component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3542) - An unspecified flaw exists in the Tasks subcomponent within the Common Applications Calendar component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3543) - An unspecified flaw exists in the Web based help screens subcomponent within the Application Object Library component that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3545) - An unspecified flaw exists in the Report JSPs subcomponent within the Advanced Collections component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3546) - An unspecified flaw exists in the Content Manager subcomponent within the One-to-One Fulfillment component that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3547) - An unspecified flaw exists in the Marketing activity collateral subcomponent within the Marketing component that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3548) - An unspecified flaw exists in the Search Integration Engine subcomponent within the E-Business Suite Secure Enterprise Search component that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3549) - Multiple unspecified flaws exist in the Email Center Agent Console subcomponent within the Email Center component that allow an unauthenticated, remote attacker to impact integrity. (CVE-2016-3558, CVE-2016-3559)
last seen2020-06-01
modified2020-06-02
plugin id92461
published2016-07-20
reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/92461
titleOracle E-Business Multiple Vulnerabilities (July 2016 CPU)