Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 21/10/2015 Updated: 10/12/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote malicious users to affect integrity via unknown vectors related to Single Signon. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote malicious users to inject arbitrary web script or HTML via the Domain parameter in the CfgOCIReturn servlet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle e-business suite 12.0.6
oracle e-business suite 12.1.3
oracle e-business suite 12.2.3
oracle e-business suite 12.2.4

NVD-CWE-noinfo http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/bid/77253 http://www.securitytracker.com/id/1033877 http://seclists.org/fulldisclosure/2015/Oct/100 http://packetstormsecurity.com/files/134100/Oracle-E-Business-Suite-12.1.4-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/536772/100/0/threaded https://erpscan.io/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-4854

Vulnerability Summary

References

Vulmon Search

About

Products

Connect