Unspecified Vulnerability in Oracle E-Business Suite Affects User Integrity
CVE-2016-3533

4.7MEDIUM

Key Information:

Vendor

Oracle
Status
Knowledge Management
Vendor
CVE Published:
21 July 2016

What is CVE-2016-3533?

An unspecified vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite allows remote attackers to potentially compromise user integrity. This could be exploited through various vectors related to search functionalities. It has been suggested that the vulnerability involves multiple open redirect flaws that enable attackers to redirect users to illegitimate websites, thereby increasing the risk of phishing attacks and other malicious activities. This vulnerability impacts several versions of Oracle E-Business Suite, and users are encouraged to review the latest security patches and advisories from Oracle.

References

https://www.onapsis.com/blog/oracle-fixes-record-276-vuln...
x_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/91909
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.