CVE-2016-3448
Oracle Patches 27 Vulnerabilities
Severity Score
6.1
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors.
Vulnerabilidad no especificada en el componente Application Express en Oracle Database Server en versiones anteriores a 5.0.4 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores desconocidos.
A total of 27 vulnerabilities have been patched by Oracle. These affect eBusiness Suite R12.x and 11.5, Apex, Primavera, OBIEE, and Agile DB components. These issues include SQL injection, cross site scripting, XXE injection, SSRF, failed access controls, and more.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-03-17 CVE Reserved
- 2016-07-20 CVE Published
- 2024-03-08 EPSS Updated
- 2024-10-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/91787 | Third Party Advisory | |
http://www.securityfocus.com/bid/91885 | Vdb Entry | |
http://www.securitytracker.com/id/1036363 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | 2017-09-01 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Application Express Search vendor "Oracle" for product "Application Express" | <= 5.0.3 Search vendor "Oracle" for product "Application Express" and version " <= 5.0.3" | - |
Affected
|