Vulnerabilities > CVE-2016-3549 - Remote Security vulnerability in Oracle E-Business Suite
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Search Integration Engine.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Nessus
| NASL family | Misc. |
| NASL id | ORACLE_E-BUSINESS_CPU_JUL_2016.NASL |
| description | The version of Oracle E-Business installed on the remote host is missing the July 2016 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Wireless Framework subcomponent within the CRM Technical Foundation component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3491) - An unspecified flaw exists in the Function Security subcomponent within the Customer Interaction History component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3512) - An unspecified flaw exists in the AOL diagnostic tests subcomponent within the Application Object Library component that allows an authenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3520) - An unspecified flaw exists in the Application Service subcomponent within the Web Applications Desktop Integrator component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3522) - An unspecified flaw exists in the Application Service subcomponent within the Web Applications Desktop Integrator component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3523) - An unspecified flaw exists in the Configuration subcomponent within the Applications Technology Stack component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3524) - An unspecified flaw exists in the Cookie Management subcomponent within the Applications Manager component that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3525) - An unspecified flaw exists in the Expenses Admin Utilities subcomponent within the Internet Expenses component that allows an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2016-3528) - An unspecified flaw exists in the SDK client integration subcomponent within the Advanced Inbound Telephony component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3532) - An unspecified flaw exists in the Search subcomponent within the Knowledge Management component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3533) - An unspecified flaw exists in the Engineering Change Order subcomponent within the Installed Base component that allows an unauthenticated, remote attacker to impact integrity. (CVE-2016-3534) - An unspecified flaw exists in the Remote Launch subcomponent within the CRM Technical Foundation component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3535) - An unspecified flaw exists in the Deliverables subcomponent within the Marketing component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3536) - An unspecified flaw exists in the Notes subcomponent within the Common Applications Calendar component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3541) - An unspecified flaw exists in the Search/Browse subcomponent within the Knowledge Management component that allows an authenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3542) - An unspecified flaw exists in the Tasks subcomponent within the Common Applications Calendar component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3543) - An unspecified flaw exists in the Web based help screens subcomponent within the Application Object Library component that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3545) - An unspecified flaw exists in the Report JSPs subcomponent within the Advanced Collections component that allows an unauthenticated, remote attacker to impact confidentiality and integrity. (CVE-2016-3546) - An unspecified flaw exists in the Content Manager subcomponent within the One-to-One Fulfillment component that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3547) - An unspecified flaw exists in the Marketing activity collateral subcomponent within the Marketing component that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3548) - An unspecified flaw exists in the Search Integration Engine subcomponent within the E-Business Suite Secure Enterprise Search component that allows an unauthenticated, remote attacker to disclose potentially sensitive information. (CVE-2016-3549) - Multiple unspecified flaws exist in the Email Center Agent Console subcomponent within the Email Center component that allow an unauthenticated, remote attacker to impact integrity. (CVE-2016-3558, CVE-2016-3559) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 92461 |
| published | 2016-07-20 |
| reporter | This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/92461 |
| title | Oracle E-Business Multiple Vulnerabilities (July 2016 CPU) |