Skip to main content

Agile Product Lifecycle Management For Process CVE-2016-5504

MEDIUM
Information Exposure (CWE-200)
2016-10-25 secalert_us@oracle.com
4.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.1 MEDIUM
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 25, 2016 - 14:29 cve.org
MEDIUM 4.1

DescriptionCVE.org

Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confidentiality via vectors related to Supplier Portal.

AnalysisAI

Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect. Rated medium severity (CVSS 4.1). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confidentiality via vectors related to Supplier Portal. Affected products include: Oracle Agile Product Lifecycle Management For Process.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2021-2351 HIGH POC
8.3 Jul 21

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), thi

CVE-2020-11022 MEDIUM POC
6.9 Apr 29

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one

CVE-2019-11358 MEDIUM POC
6.1 Apr 20

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) becaus

CVE-2026-21969 CRITICAL
9.8 Jan 20

Oracle Agile PLM for Process has a CVSS 9.8 vulnerability in the Supply Chain Sourcing component that allows unauthentic

CVE-2024-21092 HIGH
8.1 Apr 16

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Pr

CVE-2024-20956 HIGH
7.3 Feb 17

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: In

CVE-2026-21944 MEDIUM
6.5 Jan 20

Agile Product Lifecycle Management For Process versions up to 6.2.4 is affected by cross-site scripting (xss) (CVSS 6.5)

CVE-2024-21091 MEDIUM
6.5 Apr 16

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Da

CVE-2018-2572 MEDIUM
6.1 Apr 19

Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Sui

CVE-2018-3134 MEDIUM
5.0 Oct 17

Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Sui

CVE-2018-3069 LOW
2.7 Jul 18

Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Sui

Share

CVE-2016-5504 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy