CVE-2016-3491

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite version 12.1.3

Description The issue affects confidentiality and integrity, and it is related to the Wireless Framework in the Oracle CRM Technical Foundation component. There are claims that this issue might be a cross-site scripting (XSS) vulnerability, which could allow remote attackers to inject arbitrary web script or HTML.

Recommendations For Oracle E-Business Suite version 12.1.3, consider restricting access to the Wireless Framework until a patch is available. As a temporary workaround, avoid using the component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.