ID: CVE-2016-4253
Type: cve
Reporter: cve@mitre.org
Modified: 2017-08-16T01:29:00
Description
The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors.
{"threatpost": [{"lastseen": "2018-10-06T22:54:56", "bulletinFamily": "info", "cvelist": ["CVE-2016-4168", "CVE-2016-4169", "CVE-2016-4170", "CVE-2016-4253"], "description": "Adobe rolled out its monthly patch release today, and the news isn\u2019t necessarily what was patched, but what wasn\u2019t.\n\nFor the first time since January, Adobe did not release a security update for Flash Player. Given Flash\u2019s legacy of being a target-rich environment for cybercriminals and advanced attackers, a month without Flash patches is quite the respite.\n\nSince February, there have been monthly Flash Player updates, including [emergency patches](<https://threatpost.com/emergency-flash-update-patches-public-zero-day/118055/>) for zero-day vulnerabilities being [publicly exploited](<https://threatpost.com/latest-flash-zero-day-being-used-to-push-ransomware/117248/>) in each of April, May and June.\n\nLast month, [Adobe patched 52 vulnerabilities in Flash](<https://threatpost.com/adobe-patches-52-vulnerabilities-in-flash-player/119216/>)\u2014most of the flaws allowed for remote code execution\u2014one of the biggest security updates of the year from Adobe.\n\n[Today\u2019s update](<https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html>) provides hotfixes for four flaws in Adobe Experience Manager, the company\u2019s enterprise web content management system. The software allows for content creation and publication, in addition to the ability to customize certain site and design components and administration capabilities.\n\nAdobe said versions 6.2, 6.1, 6.0 and 5.6.1 are affected on Windows, Unix, Linux and Mac OS X machines.\n\nAll of the vulnerabilities are rated \u201cimportant\u201d in severity; two are input validation flaws that can be used in cross-site scripting attacks (CVE-2016-4168 and CVE-2016-4170), while another bug (CVE-2016-4253) was disclosed in the software\u2019s backup functionality that could lead to information disclosure. 
The final vulnerability (CVE-2016-4169) allows unprivileged users access to audit logs.\n\nAdobe said that it is not aware of any public attacks against these vulnerabilities.\n", "modified": "2016-08-09T16:50:48", "published": "2016-08-09T12:50:48", "id": "THREATPOST:7D3D4C6CB52DDA3C7DB93D2139A39F4E", "href": "https://threatpost.com/a-month-without-adobe-flash-player-patches/119770/", "type": "threatpost", "title": "Adobe Patches Experience Manager; No Flash Update", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}