Unspecified Vulnerability in Oracle E-Business Suite Affects Customer Interaction History
CVE-2016-5591

8.2HIGH

Key Information:

Vendor
Oracle
Status
Customer Interaction History
Vendor
CVE Published:
25 October 2016

Summary

An unspecified vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite versions 12.1.1 through 12.1.3, as well as 12.2.3 and 12.2.4, permits remote attackers to potentially compromise the confidentiality and integrity of sensitive data. The exact vectors through which these attacks can occur remain unknown, distinguishing this issue from other vulnerabilities such as those classified under CVE-2016-5587 and CVE-2016-5593. It is essential for organizations using affected versions to assess their security protocols and apply necessary mitigations.

References

http://www.securityfocus.com/bid/93703
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037038
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.