Unspecified Vulnerability in Oracle E-Business Suite Engineering Change Order
CVE-2016-3534

4.7MEDIUM

Key Information:

Vendor
Oracle
Status
Installed Base
Vendor
CVE Published:
21 July 2016

Summary

A vulnerability present in the Oracle Installed Base component of the Oracle E-Business Suite allows remote attackers to compromise system integrity through vectors associated with Engineering Change Orders. This issue has been linked to potential open redirect flaws, making it possible for attackers to redirect users to arbitrary websites, facilitating phishing attempts and other malicious activities. Oracle has released patches to address this issue but has not fully confirmed the specifics regarding the nature of the vulnerability.

References

https://www.onapsis.com/blog/oracle-fixes-record-276-vuln...
x_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/91787
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.