CVE-2016-8325

CWE-284Improper Access Control5 documents5 sources
Severity
9.1CRITICAL
EPSS
1.3%
top 20.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle One-to-one Fulfillment
Timeline
PublishedJan 27
Latest updateMay 17

Description

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Or

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

CVEListV5oracle/one-to-one_fulfillment7 versions+6

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-gfc9-6465-4r56: Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations)2022-05-17
CVEList
CVE-2016-8325: Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations)2017-01-27
OSV
openssh vulnerabilities2016-05-09
CVE-2016-8325 (CRITICAL CVSS 9.1) | Vulnerability in the Oracle One-to- | cvebase.io