CVE-2016-3456

{"id": "CVE-2016-3456", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.8}]}, "published": "2016-04-21T11:00:37.340", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "tags": ["Vendor Advisory"], "source": "secalert_us@oracle.com"}, {"url": "http://www.securitytracker.com/id/1035591", "source": "secalert_us@oracle.com"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1035591", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Oracle Complex Maintenance, Repair and Overhaul en Oracle Supply Chain Products Suite 12.1.1, 12.1.2 y 12.1.3 permite a atacantes remotos afectar a la confidencialidad e integridad a trav\u00e9s de vectores relacionados con Dialog Box."}], "lastModified": "2024-11-21T02:50:02.700", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:complex_maintenance_repair_and_overhaul:12.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA6504C9-193B-41F2-9F3E-233D12D878E8"}, {"criteria": "cpe:2.3:a:oracle:complex_maintenance_repair_and_overhaul:12.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42E44E6E-8083-44D7-AA26-6404112A585A"}, {"criteria": "cpe:2.3:a:oracle:complex_maintenance_repair_and_overhaul:12.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5572768-4F16-4E8E-A889-2BAB293569C6"}], "operator": "OR"}]}], "sourceIdentifier": "secalert_us@oracle.com"}