CVE-2016-3533
Oracle E-Business Suite 12.2 Cross Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple open redirect vulnerabilities, which allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Vulnerabilidad no especificada en el componente Oracle Knowledge Management en Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 y 12.2.5 permite a atacantes remotos afectar la integridad a través de vectores relacionados con Search. NOTA: la información anterior es de la CPU de Julio 2016. Oracle no ha comentado nada sobre terceros que alegan que este problema implica múltiples vulnerabilidades de redirección abierta, lo que permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques phishing a través de vectores no especificados.
Oracle E-Business Suite version 12.2 suffers from a cross site scripting vulnerability.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2016-03-17 CVE Reserved
- 2016-07-21 CVE Published
- 2024-03-08 EPSS Updated
- 2024-10-11 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/91787 | Third Party Advisory | |
| http://www.securityfocus.com/bid/91909 | Vdb Entry | |
| http://www.securitytracker.com/id/1036403 | Vdb Entry | |
| https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html | 2017-09-01 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Oracle Search vendor "Oracle" | Knowledge Management Search vendor "Oracle" for product "Knowledge Management" | 12.1.1 Search vendor "Oracle" for product "Knowledge Management" and version "12.1.1" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Knowledge Management Search vendor "Oracle" for product "Knowledge Management" | 12.1.2 Search vendor "Oracle" for product "Knowledge Management" and version "12.1.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Knowledge Management Search vendor "Oracle" for product "Knowledge Management" | 12.1.3 Search vendor "Oracle" for product "Knowledge Management" and version "12.1.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Knowledge Management Search vendor "Oracle" for product "Knowledge Management" | 12.2.3 Search vendor "Oracle" for product "Knowledge Management" and version "12.2.3" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Knowledge Management Search vendor "Oracle" for product "Knowledge Management" | 12.2.4 Search vendor "Oracle" for product "Knowledge Management" and version "12.2.4" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Knowledge Management Search vendor "Oracle" for product "Knowledge Management" | 12.2.5 Search vendor "Oracle" for product "Knowledge Management" and version "12.2.5" | - |
Affected
| ||||||