CVE-2016-3436

Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
oracleCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
oraclecommon_applications_calendar
12.1.1
oraclecommon_applications_calendar
12.1.2
oraclecommon_applications_calendar
12.1.3
𝑥
= Vulnerable software versions
References
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securitytracker.com/id/1035603
https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3436
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
http://www.securitytracker.com/id/1035603
https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3436