Lucene search

MitreCVE-2016-2406

HistoryMar 20, 2017 - 4:59 p.m.

CVE-2016-2406

2017-03-2016:59:01

CWE-275

mitre

web.nvd.nist.gov

huawei

dsm

cve-2016-2406

document security

permission control

printscreen

encryption

sensitive information

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button.

Affected configurations

Nvd

Node

huaweidocument_security_managementRange≤v100r002c05spc661

VendorProductVersionCPE
huaweidocument_security_management*cpe:2.3:a:huawei:document_security_management:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	document_security_management	*	cpe:2.3:a:huawei:document_security_management::::::::

References

www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

34.9%

JSON

Related for CVE-2016-2406