Lucene search

[email protected]NVD:CVE-2016-4123

HistoryJun 16, 2016 - 2:59 p.m.

CVE-2016-4123

2016-06-1614:59:03

CWE-787

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Affected configurations

Nvd

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

adobeflash_player_desktop_runtimeRange≤21.0.0.242

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤11.2.202.621

AND

linuxlinux_kernelMatch-

Node

adobeflash_playerRange≤18.0.0.352esr

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

microsoftwindows_10Match-

microsoftwindows_8.1Match-

AND

adobeflash_playerRange≤21.0.0.242edge

adobeflash_playerRange≤21.0.0.242internet_explorer

Node

applemac_os_xMatch-

googlechrome_osMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

AND

adobeflash_playerRange≤21.0.0.242chrome

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch12-

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_workstation_extensionMatch12-

suselinux_enterprise_workstation_extensionMatch12sp1

References

lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html

www.securitytracker.com/id/1036117

access.redhat.com/errata/RHSA-2016:1238

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083

helpx.adobe.com/security/products/flash-player/apsb16-18.html

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.01

Percentile

83.3%

JSON

Related for NVD:CVE-2016-4123

cve1 redhatcve1 cvelist1 prion1 nessus9 suse3 redhat1 archlinux2 openvas9 altlinux2 freebsd1 kaspersky1 mageia1 mscve1