Unspecified Vulnerability in Oracle E-Business Suite by Oracle
CVE-2016-3532

8.2HIGH

Key Information:

Vendor
Oracle
Status
Advanced Inbound Telephony
Vendor
CVE Published:
21 July 2016

Summary

An unspecified vulnerability in the Oracle Advanced Inbound Telephony component of Oracle E-Business Suite (versions 12.1.1, 12.1.2, and 12.1.3) may allow remote attackers to compromise data confidentiality and integrity. This vulnerability is associated with issues related to SDK client integration. Although Oracle has not confirmed claims regarding multiple cross-site scripting (XSS) vulnerabilities, it is important to be aware that these could enable attackers to inject arbitrary web scripts or HTML through undefined mechanisms.

References

https://www.onapsis.com/blog/oracle-fixes-record-276-vuln...
x_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/91843
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.