CVE-2016-2406

{"id": "CVE-2016-2406", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2017-03-20T16:59:01.627", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-275"}]}], "descriptions": [{"lang": "en", "value": "The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button."}, {"lang": "es", "value": "El m\u00f3dulo de control de permisos en Huawei Document Security Management (tambi\u00e9n conocido como DSM) en versiones anteriores a V100R002C05SPC670 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible de documentos cifrados aprovechando el control incorrecto de permisos en el bot\u00f3n PrintScreen."}], "lastModified": "2024-11-21T02:48:24.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huawei:document_security_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D4E1C8B-7625-4DE2-8F2C-4AB4354A31C2", "versionEndIncluding": "v100r002c05spc661"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}