Description

Oracle EBS "Popup windows" subcomponent allows a remote attacker to control the source of the frame. It can be used for phishing attacks.

Remediation

Upgrade to the latest version of Oracle E-Business Suite

References

Oracle Critical Patch Update Advisory - April 2017

Related Vulnerabilities

Content Security Policy (CSP) Not Implemented

Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive

Version Disclosure (IIS)

Content Security Policy Misconfiguration

Pentaho API Auth bypass (CVE-2021-31602)

Severity

Medium

Classification

CVE-2017-3528 CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Abuse Of Functionality Configuration