Lucene search

OracleCVE-2016-3472

HistoryJul 21, 2016 - 10:12 a.m.

CVE-2016-3472

2016-07-2110:12:26

oracle

web.nvd.nist.gov

cve-2016-3472

siebel engineering

installer

deployment

oracle siebel crm

remote authenticated users

confidentiality

web server

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

Low

EPSS

0.001

Percentile

47.0%

JSON

Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Web Server.

Affected configurations

Nvd

Node

oraclesiebel_engineering-installer_and_deploymentMatch8.1.1

oraclesiebel_engineering-installer_and_deploymentMatch8.2.2

oraclesiebel_engineering-installer_and_deploymentMatch2014

oraclesiebel_engineering-installer_and_deploymentMatch2015

oraclesiebel_engineering-installer_and_deploymentMatch2016

VendorProductVersionCPE
oraclesiebel_engineering-installer_and_deployment8.1.1cpe:2.3:a:oracle:siebel_engineering-installer_and_deployment:8.1.1:*:*:*:*:*:*:*
oraclesiebel_engineering-installer_and_deployment8.2.2cpe:2.3:a:oracle:siebel_engineering-installer_and_deployment:8.2.2:*:*:*:*:*:*:*
oraclesiebel_engineering-installer_and_deployment2014cpe:2.3:a:oracle:siebel_engineering-installer_and_deployment:2014:*:*:*:*:*:*:*
oraclesiebel_engineering-installer_and_deployment2015cpe:2.3:a:oracle:siebel_engineering-installer_and_deployment:2015:*:*:*:*:*:*:*
oraclesiebel_engineering-installer_and_deployment2016cpe:2.3:a:oracle:siebel_engineering-installer_and_deployment:2016:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	siebel_engineering-installer_and_deployment	8.1.1	cpe:2.3:a:oracle:siebel_engineering-installer_and_deployment:8.1.1:::::::*
oracle	siebel_engineering-installer_and_deployment	8.2.2	cpe:2.3:a:oracle:siebel_engineering-installer_and_deployment:8.2.2:::::::*
oracle	siebel_engineering-installer_and_deployment	2014	cpe:2.3:a:oracle:siebel_engineering-installer_and_deployment:2014:::::::*
oracle	siebel_engineering-installer_and_deployment	2015	cpe:2.3:a:oracle:siebel_engineering-installer_and_deployment:2015:::::::*
oracle	siebel_engineering-installer_and_deployment	2016	cpe:2.3:a:oracle:siebel_engineering-installer_and_deployment:2016:::::::*

References

www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

www.securityfocus.com/bid/91787

www.securityfocus.com/bid/91978

www.securitytracker.com/id/1036400

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

5.1

Confidence

Low

EPSS

0.001

Percentile

47.0%

JSON

Related for CVE-2016-3472