CyberSec.Space Logo
Back to CVE Browser

CVE-2016-3438

HIGH
8.2
CVSS Severity Score
EPSS Score0.1830%
EPSS Percentile32.43th
PublishedApr 21, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via three unspecified parameters in an unknown JSP file.

Affected Platforms (CPE)

πŸ“¦
Oracle

Configurator

= 12.1
πŸ“¦
Oracle

Configurator

= 12.2

References & Advisories

πŸ”— http://onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3438
πŸ”— http://packetstormsecurity.com/files/138564/Oracle-E-Business-Suite-12.2-Cross-Site-Scripting.html
πŸ”— http://seclists.org/fulldisclosure/2016/Aug/136
πŸ”— http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
πŸ”— http://www.securitytracker.com/id/1035591
πŸ”— http://onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3438
πŸ”— http://packetstormsecurity.com/files/138564/Oracle-E-Business-Suite-12.2-Cross-Site-Scripting.html
πŸ”— http://seclists.org/fulldisclosure/2016/Aug/136

Related Vulnerabilities

CVE-2020-696210.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696110.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2019-1744010.0

Improper restriction of communications to Log Forwarding Card (LFC) on PA-7000 Series devices with second-generation Switch Manage...

CVE-2020-676910.0

Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker ...