CVE-2016-0489 — Oracle Application Testing Suite vulnerability

5 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

17.7%

top 4.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Testing Suite

Timeline

PublishedJan 21

Latest updateMay 17

Description

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the ActionServlet servlet, which allows remote authen…

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/application_testing_suite12.4.0.2, 12.5.0.2+1

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-j54g-gq5h-525w: Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12↗2022-05-17

▶

CVEList

CVE-2016-0489: Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12↗2016-01-21

▶

💬Community

Bugzilla

CVE-2015-7538 jenkins: CSRF protection ineffective (SECURITY-233)↗2015-12-15

▶

Bugzilla

CVE-2015-5318 jenkins: Public value used for CSRF protection salt (SECURITY-169)↗2015-11-16

▶