Vulnerability Details : CVE-2016-0680
Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Services Procurement.
Products affected by CVE-2016-0680
- cpe:2.3:a:oracle:peoplesoft_supply_chain_management_eprocurement:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peoplesoft_supply_chain_management_eprocurement:9.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-0680
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0680
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |
8.0
|
4.9
|
NIST | |
5.4
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
2.8
|
2.5
|
NIST |
References for CVE-2016-0680
-
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
cpuapr2016v3Vendor Advisory
-
http://www.securitytracker.com/id/1035610
Oracle PeopleSoft Products Multiple Flaws Let Remote Users Deny Service and Remote Authenticated Users Access and Modify Data - SecurityTracker
Jump to