Lucene search

[email protected]CVE-2016-8328

HistoryJan 27, 2017 - 10:59 p.m.

CVE-2016-8328

2017-01-2722:59:01

[email protected]

web.nvd.nist.gov

cve-2016-8328

java se

oracle

vulnerability

exploit

network access

integrity impact

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

3.9 Low

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.8%

JSON

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 3.7 (Integrity impacts).

Affected configurations

NVD

Node

oraclejdkMatch1.8update_112

oraclejreMatch1.8update_112

CPENameOperatorVersion
oracle:jdkoracle jdkeq1.8
oracle:jreoracle jreeq1.8

CPE	Name	Operator	Version
oracle:jdk	oracle jdk	eq	1.8
oracle:jre	oracle jre	eq	1.8

CNA Affected

[
  {
    "product": "Java SE",
    "vendor": "Oracle",
    "versions": [
      {
        "status": "affected",
        "version": "8u112"
      }
    ]
  }
]