Lucene search

[email protected]NVD:CVE-2016-4137

HistoryJun 16, 2016 - 2:59 p.m.

CVE-2016-4137

2016-06-1614:59:18

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.95

Percentile

99.3%

JSON

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Affected configurations

Nvd

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

adobeflash_playerRange≤21.0.0.242chrome

adobeflash_player_desktop_runtimeRange≤21.0.0.242

AND

applemacosMatch-

googlechrome_osMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

Node

microsoftwindows_10Match-

microsoftwindows_8.1Match-

AND

adobeflash_playerRange≤21.0.0.242edge

adobeflash_playerRange≤21.0.0.242internet_explorer_11

Node

adobeflash_playerRange≤11.2.202.621

AND

linuxlinux_kernelMatch-

Node

adobeflash_playerRange≤18.0.0.352esr

AND

applemacosMatch-

microsoftwindowsMatch-

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch12-

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_workstation_extensionMatch12-

suselinux_enterprise_workstation_extensionMatch12sp1

Node

adobeflash_playerMatch-

AND

microsoftwindows_10Match-

microsoftwindows_10Match1511

microsoftwindows_8.1Match-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2012Match-

microsoftwindows_server_2012Match-r2

References

lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html

www.securitytracker.com/id/1036117

access.redhat.com/errata/RHSA-2016:1238

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083

helpx.adobe.com/security/products/flash-player/apsb16-18.html

www.exploit-db.com/exploits/40089/

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.95

Percentile

99.3%

JSON

Related for NVD:CVE-2016-4137

checkpoint_advisories1 redhatcve1 cvelist1 zdt1 prion1 cve1 nessus9 suse3 altlinux2 openvas9 archlinux2 redhat1 freebsd1 mageia1 kaspersky1 mscve1