CVE-2016-4000 in Rapid Planninginfo

Summary

Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

04/12/2016

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
158466Oracle Rapid Planning Middle Tier deserialization502Not definedOfficial fixCVE-2016-4000
153302Oracle Communications Diameter Signaling Router IDIH Visualization deserialization502Not definedOfficial fixCVE-2016-4000
148758Oracle Application Testing Suite Oracle Flow Builder deserialization502Not definedOfficial fixCVE-2016-4000
143587Oracle Enterprise Manager Base Platform Jython deserialization502Not definedOfficial fixCVE-2016-4000
133560Oracle Configuration Manager Collector of Config/Diag deserialization502Not definedOfficial fixCVE-2016-4000
129705Oracle Utilities Network Management System Jython deserialization502Not definedOfficial fixCVE-2016-4000
129520Oracle Banking Platform JQuery deserialization502Not definedOfficial fixCVE-2016-4000
129509Oracle Enterprise Manager Base Platform jackson-databind deserialization502Not definedOfficial fixCVE-2016-4000
125413Oracle Enterprise Manager Ops Center Jython deserialization502Not definedOfficial fixCVE-2016-4000
103223Jython PyFunction Object deserialization502Not definedOfficial fixCVE-2016-4000

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!