High severity8.2NVD Advisory· Published Jul 21, 2016· Updated May 6, 2026

CVE-2016-3491

Description

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless Framework. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products

Oracle Corporation/CRM Technical Foundation
cpe:2.3:a:oracle:crm_technical_foundation:12.1.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlnvdPatchVendor Advisory
www.securityfocus.com/bid/91787nvdThird Party AdvisoryVDB Entry
www.onapsis.com/blog/oracle-fixes-record-276-vulnerabilities-july-2016nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/91848nvd
www.securitytracker.com/id/1036403nvd

News mentions

No linked articles in our index yet.

cvss	0.533
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000