CVE-2016-0489 in Enterprise Managerinformazioni

Riassunto

di MITRE

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the ActionServlet servlet, which allows remote authenticated users to upload and execute arbitrary files via directory traversal sequences in the tempfilename parameter in a ReportImage action.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

09/12/2015

Divulgazione

20/01/2016

Moderazione

accettato

Voce

VDB-80398

CPE

pronto

CWE

CWE-22 (confermato)

CVSS

6.5 (NVD)

EPSS

0.54782

KEV

Attività

molto basso

Settore

Finance, Hostingprovider, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-0489
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-0489
CVE Details	https://www.cvedetails.com/cve/CVE-2016-0489/

◂ Precedente Visione D'ensemble Il prossimo ▸

Interested in the pricing of exploits?

See the underground prices here!