ID CVE-2016-0552 Type cve Reporter cve@mitre.org Modified 2017-09-10T01:29:00
Description
Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0559, and CVE-2016-0560.
{"nessus": [{"lastseen": "2019-02-21T01:25:52", "bulletinFamily": "scanner", "description": "The version of Oracle E-Business Suite installed on the remote host is missing the January 2016 Critical Patch Update. It is, therefore, affected by multiple unspecified vulnerabilities in multiple components and subcomponents, the most severe of which can allow an unauthenticated, remote attacker to affect both confidentiality and integrity.", "modified": "2018-11-15T00:00:00", "id": "ORACLE_E-BUSINESS_CPU_JAN_2016.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=88042", "published": "2016-01-21T00:00:00", "title": "Oracle E-Business Multiple Vulnerabilities (January 2016 CPU)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88042);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\n \"CVE-2015-3195\",\n \"CVE-2015-4926\",\n \"CVE-2016-0454\",\n \"CVE-2016-0456\",\n \"CVE-2016-0457\",\n \"CVE-2016-0459\",\n \"CVE-2016-0507\",\n \"CVE-2016-0509\",\n \"CVE-2016-0510\",\n \"CVE-2016-0511\",\n \"CVE-2016-0512\",\n \"CVE-2016-0513\",\n \"CVE-2016-0514\",\n \"CVE-2016-0515\",\n \"CVE-2016-0516\",\n \"CVE-2016-0517\",\n \"CVE-2016-0518\",\n \"CVE-2016-0519\",\n \"CVE-2016-0520\",\n \"CVE-2016-0521\",\n \"CVE-2016-0523\",\n \"CVE-2016-0524\",\n \"CVE-2016-0525\",\n \"CVE-2016-0526\",\n \"CVE-2016-0527\",\n \"CVE-2016-0528\",\n \"CVE-2016-0529\",\n \"CVE-2016-0530\",\n \"CVE-2016-0531\",\n \"CVE-2016-0532\",\n \"CVE-2016-0533\",\n \"CVE-2016-0534\",\n \"CVE-2016-0536\",\n \"CVE-2016-0537\",\n \"CVE-2016-0538\",\n \"CVE-2016-0539\",\n \"CVE-2016-0542\",\n \"CVE-2016-0543\",\n \"CVE-2016-0544\",\n \"CVE-2016-0545\",\n \"CVE-2016-0547\",\n \"CVE-2016-0548\",\n \"CVE-2016-0549\",\n \"CVE-2016-0550\",\n \"CVE-2016-0551\",\n \"CVE-2016-0552\",\n \"CVE-2016-0553\",\n \"CVE-2016-0554\",\n \"CVE-2016-0555\",\n \"CVE-2016-0556\",\n \"CVE-2016-0557\",\n \"CVE-2016-0558\",\n \"CVE-2016-0559\",\n \"CVE-2016-0560\",\n \"CVE-2016-0561\",\n \"CVE-2016-0562\",\n \"CVE-2016-0563\",\n \"CVE-2016-0564\",\n \"CVE-2016-0565\",\n \"CVE-2016-0566\",\n \"CVE-2016-0567\",\n \"CVE-2016-0568\",\n \"CVE-2016-0569\",\n \"CVE-2016-0570\",\n \"CVE-2016-0571\",\n \"CVE-2016-0575\",\n \"CVE-2016-0576\",\n \"CVE-2016-0578\",\n \"CVE-2016-0579\",\n \"CVE-2016-0580\",\n \"CVE-2016-0581\",\n \"CVE-2016-0582\",\n \"CVE-2016-0583\",\n \"CVE-2016-0584\",\n \"CVE-2016-0585\",\n \"CVE-2016-0586\",\n \"CVE-2016-0588\",\n \"CVE-2016-0589\"\n );\n script_bugtraq_id(78626);\n\n script_name(english:\"Oracle E-Business Multiple Vulnerabilities (January 2016 CPU)\");\n script_summary(english:\"Checks for the January 2016 CPU.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application installed on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Oracle E-Business Suite installed on the remote host is\nmissing the January 2016 Critical Patch Update. It is, therefore,\naffected by multiple unspecified vulnerabilities in multiple\ncomponents and subcomponents, the most severe of which can allow an\nunauthenticated, remote attacker to affect both confidentiality and\nintegrity.\");\n #http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d13bbe45\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2016 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:e-business_suite\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_e-business_query_patch_info.nbin\");\n script_require_keys(\"Oracle/E-Business/Version\", \"Oracle/E-Business/patches/installed\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Oracle/E-Business/Version\");\npatches = get_kb_item_or_exit(\"Oracle/E-Business/patches/installed\");\n\n# Batch checks\nif (patches) patches = split(patches, sep:',', keep:FALSE);\nelse patches = make_list();\n\n# Check if the installed version is an affected version\naffected_versions = make_array(\n '11.5.10.2', make_list('22133429', '22133397'),\n\n '12.1.1', make_list('22133441'),\n '12.1.2', make_list('22133441'),\n '12.1.3', make_list('22133441'),\n\n '12.2.2', make_list('22133451'),\n '12.2.3', make_list('22133451'),\n '12.2.4', make_list('22133451')\n);\n\npatched = FALSE;\naffectedver = FALSE;\n\nif (affected_versions[version])\n{\n affectedver = TRUE;\n patchids = affected_versions[version];\n foreach required_patch (patchids)\n {\n foreach applied_patch (patches)\n {\n if(required_patch == applied_patch)\n {\n patched = applied_patch;\n break;\n }\n }\n if(patched) break;\n }\n if(!patched) patchreport = join(patchids,sep:\" or \");\n}\n\nif (!patched && affectedver)\n{\n if(report_verbosity > 0)\n {\n report =\n '\\n Installed version : '+version+\n '\\n Fixed version : '+version+' Patch '+patchreport+\n '\\n';\n security_warning(port:0,extra:report);\n }\n else security_warning(0);\n exit(0);\n}\nelse if (!affectedver) audit(AUDIT_INST_VER_NOT_VULN, 'Oracle E-Business', version);\nelse exit(0, 'The Oracle E-Business server ' + version + ' is not affected because patch ' + patched + ' has been applied.');\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "oracle": [{"lastseen": "2019-05-29T18:20:52", "bulletinFamily": "software", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 248 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n** Please note that on November 10, 2015, Oracle released [Security Alert for CVE-2015-4852](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-4852. **\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-02-12T00:00:00", "published": "2016-01-19T00:00:00", "id": "ORACLE:CPUJAN2016-2367955", "href": "", "title": "Oracle Critical Patch Update - January 2016", "type": "oracle", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
