Vulnerability Name:

CVE-2016-3559 (CCN-115197)

Assigned:2016-07-19
Published:2016-07-19
Updated:2017-09-01
Summary:Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3558.
CVSS v3 Severity:4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
4.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Other
References:Source: MITRE
Type: CNA
CVE-2016-3559

Source: CCN
Type: Oracle CPUJul2016
Oracle Critical Patch Update Advisory - July 2016

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Source: BID
Type: Third Party Advisory, VDB Entry
91787

Source: CCN
Type: BID-91787
Oracle July 2016 Critical Patch Update Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
91903

Source: SECTRACK
Type: UNKNOWN
1036403

Source: XF
Type: UNKNOWN
oracle-cpujul2016-cve20163559(115197)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:email_center:12.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:email_center:12.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:email_center:12.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:email_center:12.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:email_center:12.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:email_center:12.2.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    oracle email center 12.1.1
    oracle email center 12.1.2
    oracle email center 12.1.3
    oracle email center 12.2.3
    oracle email center 12.2.4
    oracle email center 12.2.5