OpenCVE

Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple open redirect vulnerabilities, which allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Oracle	Knowledge Management

Configuration 1 [-]

OR	cpe:2.3:a:oracle:knowledge_management:12.1.1:::::::*
	cpe:2.3:a:oracle:knowledge_management:12.1.2:::::::*
	cpe:2.3:a:oracle:knowledge_management:12.1.3:::::::*
	cpe:2.3:a:oracle:knowledge_management:12.2.3:::::::*
	cpe:2.3:a:oracle:knowledge_management:12.2.4:::::::*
	cpe:2.3:a:oracle:knowledge_management:12.2.5:::::::*

No data.

References

Link	Providers
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.securityfocus.com/bid/91787
http://www.securityfocus.com/bid/91909
http://www.securitytracker.com/id/1036403
https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016

History

Fri, 11 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: oracle

Published: 2016-07-21T10:00:00

Updated: 2024-10-11T20:48:38.563Z

Reserved: 2016-03-17T00:00:00

Link: CVE-2016-3533

Vulnrichment

Updated: 2024-08-05T23:56:14.458Z

NVD

Status : Modified

Published: 2016-07-21T10:13:29.560

Modified: 2024-11-21T02:50:12.970

Link: CVE-2016-3533

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-19T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple open redirect vulnerabilities, which allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-31T09:57:01", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "91909", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91909"}, {"name": "91787", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91787"}, {"name": "1036403", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036403"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2016-3533", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple open redirect vulnerabilities, which allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", "refsource": "MISC", "url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "91909", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91909"}, {"name": "91787", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91787"}, {"name": "1036403", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036403"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:56:14.458Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"name": "91909", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91909"}, {"name": "91787", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91787"}, {"name": "1036403", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036403"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-11T19:48:52.642738Z", "id": "CVE-2016-3533", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T20:48:38.563Z"}}]}, "cveMetadata": {"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2016-3533", "datePublished": "2016-07-21T10:00:00", "dateReserved": "2016-03-17T00:00:00", "dateUpdated": "2024-10-11T20:48:38.563Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/91909", "name": "91909", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/91787", "name": "91787", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1036403", "name": "1036403", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:56:14.458Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2016-3533", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-11T19:48:52.642738Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-11T19:49:08.896Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-07-19T00:00:00", "references": [{"url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", "tags": ["x_refsource_MISC"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securityfocus.com/bid/91909", "name": "91909", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://www.securityfocus.com/bid/91787", "name": "91787", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://www.securitytracker.com/id/1036403", "name": "1036403", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple open redirect vulnerabilities, which allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle", "dateUpdated": "2017-08-31T09:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", "name": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016", "refsource": "MISC"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/91909", "name": "91909", "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/91787", "name": "91787", "refsource": "BID"}, {"url": "http://www.securitytracker.com/id/1036403", "name": "1036403", "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple open redirect vulnerabilities, which allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-3533", "STATE": "PUBLIC", "ASSIGNER": "secalert_us@oracle.com"}}}}, "cveMetadata": {"cveId": "CVE-2016-3533", "state": "PUBLISHED", "dateUpdated": "2024-10-11T20:48:38.563Z", "dateReserved": "2016-03-17T00:00:00", "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "datePublished": "2016-07-21T10:00:00", "assignerShortName": "oracle"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:knowledge_management:12.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B0231892-2983-4811-8987-8AADD602B1E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:knowledge_management:12.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C81FB17-E715-4B6C-A6D4-01438798559E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:knowledge_management:12.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0E1B5BAE-472F-4279-8FF9-84B34CB6073E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:knowledge_management:12.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6EFD2181-F646-41B6-A871-0FDF45F81F5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:knowledge_management:12.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "7DFDEB88-9F68-406C-96A6-F1335D06AFFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:knowledge_management:12.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "79EDFAFC-0252-4BCA-BA73-6B4DDF0D86F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple open redirect vulnerabilities, which allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Oracle Knowledge Management en Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4 y 12.2.5 permite a atacantes remotos afectar la integridad a trav\u00e9s de vectores relacionados con Search. NOTA: la informaci\u00f3n anterior es de la CPU de Julio 2016. Oracle no ha comentado nada sobre terceros que alegan que este problema implica m\u00faltiples vulnerabilidades de redirecci\u00f3n abierta, lo que permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques phishing a trav\u00e9s de vectores no especificados."}], "id": "CVE-2016-3533", "lastModified": "2024-11-21T02:50:12.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-21T10:13:29.560", "references": [{"source": "secalert_us@oracle.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91787"}, {"source": "secalert_us@oracle.com", "url": "http://www.securityfocus.com/bid/91909"}, {"source": "secalert_us@oracle.com", "url": "http://www.securitytracker.com/id/1036403"}, {"source": "secalert_us@oracle.com", "tags": ["Third Party Advisory"], "url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/91909"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036403"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016"}], "sourceIdentifier": "secalert_us@oracle.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}