Vulnerability Details : CVE-2016-3538
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3539.
Exploit prediction scoring system (EPSS) score for CVE-2016-3538
Probability of exploitation activity in the next 30 days: 0.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 41 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-3538
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:S/C:N/I:C/A:P |
8.0
|
7.8
|
NIST |
7.1
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L |
2.8
|
4.2
|
NIST |
References for CVE-2016-3538
-
http://www.securityfocus.com/bid/91966
Oracle Agile PLM CVE-2016-3538 Remote Security Vulnerability
-
http://www.securityfocus.com/bid/91787
Oracle July 2016 Critical Patch Update Multiple VulnerabilitiesThird Party Advisory;VDB Entry
-
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Oracle Critical Patch Update - July 2016Patch;Vendor Advisory
-
http://www.securitytracker.com/id/1036402
Oracle Supply Chain Products Suite Bugs Let Remote Users Access Data, Modify Data, Deny Service, and Gain Elevated Privileges - SecurityTracker
Products affected by CVE-2016-3538
- cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:agile_product_lifecycle_management_framework:9.3.5:*:*:*:*:*:*:*