Oracle E-Business Multiple Vulnerabilities (January 2017 CPU)

high Nessus Plugin ID 96608

Synopsis

A web application installed on the remote host is affected by multiple vulnerabilities.

Description

The version of Oracle E-Business installed on the remote host is missing the January 2017 Oracle Critical Patch Update (CPU). It is, therefore, affected by multiple unspecified vulnerabilities in multiple components and subcomponents, the most severe of which can allow an unauthenticated, remote attacker to affect both confidentiality and integrity. The affected components and subcomponents are as follows :

- Oracle Advanced Outbound Telephony : User Interface
- Oracle Application Object Library : Patching
- Oracle Applications DBA : Patching
- Oracle Applications Manager : OAM Client
- Oracle Common Applications : Resources Module
- Oracle Common Applications : Role Summary
- Oracle Common Applications : User Interface
- Oracle CRM Technical Foundation : User Interface
- Oracle Customer Intelligence : User Interface
- Oracle Customer Interaction History : User Interface
- Oracle Email Center : User Interface
- Oracle Fulfillment Manager : User Interface
- Oracle Installed Base : User Interface
- Oracle Interaction Blending : User Interface
- Oracle iStore : Address Book
- Oracle iStore : User Interface
- Oracle Knowledge Management : User Interface
- Oracle Leads Management : User Interface
- Oracle Marketing : User Interface
- Oracle One-to-One Fulfillment : Internal Operations
- Oracle One-to-One Fulfillment : Request Confirmation
- Oracle One-to-One Fulfillment : User Interface
- Oracle Partner Management : User Interface
- Oracle Service Fulfillment Manager : User Interface
- Oracle Universal Work Queue : User Interface
- Oracle XML Gateway : Oracle Transport Agent

Solution

Apply the appropriate patch according to the January 2017 Oracle Critical Patch Update advisory.

See Also

http://www.nessus.org/u?2f2c97c2

Plugin Details

Severity: High

ID: 96608

File Name: oracle_e-business_cpu_jan_2017.nasl

Version: 1.11

Type: remote

Family: Misc.

Published: 1/18/2017

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-3346

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:e-business_suite

Required KB Items: Oracle/E-Business/Version, Oracle/E-Business/patches/installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/18/2017

Vulnerability Publication Date: 1/18/2017

Reference Information

CVE: CVE-2016-8325, CVE-2017-3246, CVE-2017-3274, CVE-2017-3275, CVE-2017-3277, CVE-2017-3278, CVE-2017-3279, CVE-2017-3280, CVE-2017-3281, CVE-2017-3282, CVE-2017-3283, CVE-2017-3284, CVE-2017-3285, CVE-2017-3286, CVE-2017-3287, CVE-2017-3303, CVE-2017-3326, CVE-2017-3327, CVE-2017-3328, CVE-2017-3333, CVE-2017-3334, CVE-2017-3335, CVE-2017-3336, CVE-2017-3338, CVE-2017-3339, CVE-2017-3340, CVE-2017-3341, CVE-2017-3343, CVE-2017-3344, CVE-2017-3346, CVE-2017-3348, CVE-2017-3349, CVE-2017-3350, CVE-2017-3351, CVE-2017-3352, CVE-2017-3353, CVE-2017-3354, CVE-2017-3357, CVE-2017-3358, CVE-2017-3359, CVE-2017-3360, CVE-2017-3361, CVE-2017-3362, CVE-2017-3363, CVE-2017-3364, CVE-2017-3365, CVE-2017-3366, CVE-2017-3367, CVE-2017-3368, CVE-2017-3369, CVE-2017-3370, CVE-2017-3371, CVE-2017-3372, CVE-2017-3373, CVE-2017-3374, CVE-2017-3375, CVE-2017-3376, CVE-2017-3377, CVE-2017-3378, CVE-2017-3379, CVE-2017-3380, CVE-2017-3381, CVE-2017-3382, CVE-2017-3383, CVE-2017-3384, CVE-2017-3385, CVE-2017-3386, CVE-2017-3387, CVE-2017-3388, CVE-2017-3389, CVE-2017-3390, CVE-2017-3391, CVE-2017-3392, CVE-2017-3394, CVE-2017-3395, CVE-2017-3396, CVE-2017-3397, CVE-2017-3398, CVE-2017-3399, CVE-2017-3400, CVE-2017-3401, CVE-2017-3402, CVE-2017-3403, CVE-2017-3404, CVE-2017-3405, CVE-2017-3406, CVE-2017-3407, CVE-2017-3408, CVE-2017-3409, CVE-2017-3410, CVE-2017-3411, CVE-2017-3412, CVE-2017-3413, CVE-2017-3414, CVE-2017-3415, CVE-2017-3416, CVE-2017-3417, CVE-2017-3418, CVE-2017-3419, CVE-2017-3420, CVE-2017-3421, CVE-2017-3422, CVE-2017-3423, CVE-2017-3424, CVE-2017-3425, CVE-2017-3426, CVE-2017-3427, CVE-2017-3428, CVE-2017-3429, CVE-2017-3430, CVE-2017-3431, CVE-2017-3433, CVE-2017-3435, CVE-2017-3436, CVE-2017-3437, CVE-2017-3438, CVE-2017-3439, CVE-2017-3440, CVE-2017-3441, CVE-2017-3442, CVE-2017-3443

BID: 95463, 95464, 95465, 95467, 95468, 95485, 95487, 95490, 95492, 95497, 95500, 95511, 95523, 95526, 95531, 95561, 95564, 95569, 95573, 95577, 95582, 95586, 95587, 95591, 95593, 95594, 95595, 95597, 95598, 95600, 95602, 95604, 95605, 95610, 95611, 95612, 95613, 95614, 95615, 95616, 95617, 95618