Vulnerability Name: CVE-2016-0560 (CCN-109847) Assigned: 2015-12-09 Published: 2016-01-19 Updated: 2017-09-10 Summary: Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545 , CVE-2016-0551 , CVE-2016-0552 , and CVE-2016-0559 . CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N )4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): None
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N )4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Other References: Source: MITRE Type: CNACVE-2016-0560 Source: CCN Type: Oracle Critical Patch Update Advisory - January 2016Oracle Critical Patch Update Advisory - January 2016 Source: CONFIRM Type: Vendor Advisoryhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html Source: SECTRACK Type: UNKNOWN1034726 Source: XF Type: UNKNOWNoracle-cpujan2016-cve20160560(109847) Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:customer_intelligence:11.5.10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:customer_intelligence:12.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:customer_intelligence:12.1.2:*:*:*:*:*:*:* OR cpe:/a:oracle:customer_intelligence:12.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:customer_intelligence:12.2.3:*:*:*:*:*:*:* OR cpe:/a:oracle:customer_intelligence:12.2.4:*:*:*:*:*:*:* OR cpe:/a:oracle:customer_intelligence:12.2.5:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.1.2:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.2.3:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.2.4:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:12.2.5:*:*:*:*:*:*:* Denotes that component is vulnerable BACK
oracle customer intelligence 11.5.10.2
oracle customer intelligence 12.1.1
oracle customer intelligence 12.1.2
oracle customer intelligence 12.1.3
oracle customer intelligence 12.2.3
oracle customer intelligence 12.2.4
oracle customer intelligence 12.2.5
oracle e-business suite 11.5.10.2
oracle e-business suite 12.1.1
oracle e-business suite 12.1.2
oracle e-business suite 12.1.3
oracle e-business suite 12.2.3
oracle e-business suite 12.2.4
oracle e-business suite 12.2.5