CVE-2016-5482Improper Access Control in Oracle Commerce Guided Search

CWE-284Improper Access ControlCWE-125Out-of-bounds ReadCWE-190Integer Overflow or Wraparound6 documents5 sources
Severity
8.2HIGHNVD
EPSS
0.2%
top 54.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Commerce Guided Search
Timeline
PublishedOct 25
Latest updateMay 17

Description

Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.7

Affected Packages1 packages

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-m3mf-jf72-hcpp: Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 62022-05-17
CVEList
CVE-2016-5482: Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 62016-10-25

📋Vendor Advisories

2
Red Hat
tcpdump: multiple overflow issues in protocol decoding2017-02-02
Red Hat
tcpdump: multiple overflow issues in protocol decoding2017-02-02

💬Community

1
HackerOne
CVE-2017-5482 The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print().2019-10-08
CVE-2016-5482 — Improper Access Control in Oracle | cvebase