4.7

CVE-2016-3533

Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple open redirect vulnerabilities, which allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleKnowledge Management Version12.1.1
OracleKnowledge Management Version12.1.2
OracleKnowledge Management Version12.1.3
OracleKnowledge Management Version12.2.3
OracleKnowledge Management Version12.2.4
OracleKnowledge Management Version12.2.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.97% 0.778
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.7 2.8 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/91787
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036403
https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016
Third Party Advisory
http://www.securityfocus.com/bid/91909