ID

VAR-201602-0320


CVE

CVE-2016-0958


TITLE

Adobe Experience Manager Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2016-001450

DESCRIPTION

Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object. Adobe Experience Manager (AEM) is a set of content management solutions from Adobe (Adobe) that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. There is a security vulnerability in AEM. The following versions are affected: AEM version 5.6.1, version 6.0.0, version 6.1.0

Trust: 1.8

sources: NVD: CVE-2016-0958 // JVNDB: JVNDB-2016-001450 // VULHUB: VHN-88468 // VULMON: CVE-2016-0958

AFFECTED PRODUCTS

vendor:adobemodel:experience managerscope:eqversion:6.0.0

Trust: 1.6

vendor:adobemodel:experience managerscope:eqversion:6.1.0

Trust: 1.6

vendor:adobemodel:experience managerscope:eqversion:5.6.1

Trust: 1.6

vendor:adobemodel:experience managerscope:eqversion:5.6.1 (windows/unix/linux/os x)

Trust: 0.8

vendor:adobemodel:experience managerscope:eqversion:6.0.0 (windows/unix/linux/os x)

Trust: 0.8

vendor:adobemodel:experience managerscope:eqversion:6.1.0 (windows/unix/linux/os x)

Trust: 0.8

sources: JVNDB: JVNDB-2016-001450 // CNNVD: CNNVD-201602-221 // NVD: CVE-2016-0958

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-0958
value: HIGH

Trust: 1.0

NVD: CVE-2016-0958
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201602-221
value: HIGH

Trust: 0.6

VULHUB: VHN-88468
value: HIGH

Trust: 0.1

VULMON: CVE-2016-0958
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-0958
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-88468
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-0958
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-88468 // VULMON: CVE-2016-0958 // JVNDB: JVNDB-2016-001450 // CNNVD: CNNVD-201602-221 // NVD: CVE-2016-0958

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-88468 // JVNDB: JVNDB-2016-001450 // NVD: CVE-2016-0958

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-221

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201602-221

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001450

PATCH

title:APSB16-05url:http://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

Trust: 0.8

title:APSB16-05url:http://helpx.adobe.com/jp/security/products/experience-manager/apsb16-05.html

Trust: 0.8

title:Adobe Experience Manager Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60163

Trust: 0.6

title:Java-Deserialization-Cheat-Sheeturl:https://github.com/klausware/Java-Deserialization-Cheat-Sheet

Trust: 0.1

title:Java-Deserialization-Cheat-Sheeturl:https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet

Trust: 0.1

title:Java-Deserialization-CVEsurl:https://github.com/PalindromeLabs/Java-Deserialization-CVEs

Trust: 0.1

title:CVE-Studyurl:https://github.com/thdusdl1219/CVE-Study

Trust: 0.1

sources: VULMON: CVE-2016-0958 // JVNDB: JVNDB-2016-001450 // CNNVD: CNNVD-201602-221

EXTERNAL IDS

db:NVDid:CVE-2016-0958

Trust: 2.6

db:JVNDBid:JVNDB-2016-001450

Trust: 0.8

db:CNNVDid:CNNVD-201602-221

Trust: 0.7

db:VULHUBid:VHN-88468

Trust: 0.1

db:BIDid:83121

Trust: 0.1

db:VULMONid:CVE-2016-0958

Trust: 0.1

sources: VULHUB: VHN-88468 // VULMON: CVE-2016-0958 // JVNDB: JVNDB-2016-001450 // CNNVD: CNNVD-201602-221 // NVD: CVE-2016-0958

REFERENCES

url:https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0958

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0958

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/83121

Trust: 0.1

url:https://github.com/klausware/java-deserialization-cheat-sheet

Trust: 0.1

url:https://github.com/grrrdog/java-deserialization-cheat-sheet

Trust: 0.1

sources: VULHUB: VHN-88468 // VULMON: CVE-2016-0958 // JVNDB: JVNDB-2016-001450 // CNNVD: CNNVD-201602-221 // NVD: CVE-2016-0958

SOURCES

db:VULHUBid:VHN-88468
db:VULMONid:CVE-2016-0958
db:JVNDBid:JVNDB-2016-001450
db:CNNVDid:CNNVD-201602-221
db:NVDid:CVE-2016-0958

LAST UPDATE DATE

2024-08-14T14:33:49.811000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-88468date:2016-02-18T00:00:00
db:VULMONid:CVE-2016-0958date:2016-02-18T00:00:00
db:JVNDBid:JVNDB-2016-001450date:2016-02-19T00:00:00
db:CNNVDid:CNNVD-201602-221date:2016-02-15T00:00:00
db:NVDid:CVE-2016-0958date:2016-02-18T22:56:24.760

SOURCES RELEASE DATE

db:VULHUBid:VHN-88468date:2016-02-10T00:00:00
db:VULMONid:CVE-2016-0958date:2016-02-10T00:00:00
db:JVNDBid:JVNDB-2016-001450date:2016-02-19T00:00:00
db:CNNVDid:CNNVD-201602-221date:2016-02-15T00:00:00
db:NVDid:CVE-2016-0958date:2016-02-10T20:59:10.967