Skip to main content

Retail Order Broker CVE-2016-3565

HIGH
2016-07-21 secalert_us@oracle.com
7.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.6 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

1
CVE Published
Jul 21, 2016 - 10:14 cve.org
HIGH 7.6

DescriptionCVE.org

Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 5.1 and 5.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to System Administration.

AnalysisAI

Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 5.1 and 5.2 allows remote authenticated users to affect confidentiality, integrity, and. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 5.1 and 5.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to System Administration. Affected products include: Oracle Retail Order Broker.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-1270 CRITICAL POC
9.8 Apr 06

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow app

CVE-2021-2351 HIGH POC
8.3 Jul 21

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), thi

CVE-2019-0227 HIGH POC
7.5 May 01

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2

CVE-2020-9484 HIGH POC
7.0 May 20

When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a)

CVE-2019-10219 MEDIUM POC
6.1 Nov 08

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely explo

CVE-2018-1271 MEDIUM POC
5.9 Apr 06

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow app

CVE-2020-9409 CRITICAL
9.8 May 20

The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS

CVE-2020-10683 CRITICAL
9.8 May 01

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE

CVE-2019-12419 CRITICAL
9.8 Nov 06

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Conn

CVE-2019-13990 CRITICAL
9.8 Jul 26

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attack

CVE-2018-8013 CRITICAL
9.8 May 24

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the in

CVE-2018-1275 CRITICAL
9.8 Apr 11

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow app

Share

CVE-2016-3565 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy