CVE-2016-3702

CWE-200 — Information Exposure CWE-327 — Broken Cryptographic Algorithm5 documents5 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 60.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms Management Engine

Timeline

PublishedApr 21

Latest updateMay 17

Description

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDredhat/cloudforms_management_engine5.0

🔴Vulnerability Details

GHSA

GHSA-ggp3-m938-r93p: Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information↗2022-05-17

▶

CVEList

CVE-2016-3702: Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information↗2017-04-21

▶

📋Vendor Advisories

Red Hat

cfme: vulnerable to padding oracle attack against AES-256-CBC↗2016-04-25

▶

💬Community

Bugzilla

CVE-2016-3702 cfme: vulnerable to padding oracle attack against AES-256-CBC↗2016-04-25

▶