CVE-2016-5537
published 2016-10-25

CVE-2016-5537: Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability…

Priority: P432 | Severity: medium | Score: 5.7 (CVSS 3.0)
Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
EXPLOIT
EPSS: 1.04% (59.6th percentile)
Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in an archive entry in a ZIP file imported as a project.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | netbeans | >= 0 < 10.0-1 | 10.0-1 |
| apache | netbeans | >= 0 < 10.0-1 | 10.0-1 |
| apache | netbeans | >= 0 < 10.0-1 | 10.0-1 |
| apache | netbeans | >= 0 < 10.0-1 | 10.0-1 |
| debian | netbeans | < netbeans 10.0-1 (bookworm) | netbeans 10.0-1 (bookworm) |
| oracle | netbeans | | |

CVSS provenance

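| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.7 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 5.7 | MEDIUM | |
| vendor_debian | | 5.7 | MEDIUM | |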