CVE-2016-3702

Опубликовано: 25 апр. 2016

Источник: redhat

CVSS3: 4.9

CVSS2: 3.6

Описание

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.

A padding oracle flaw was found in the encryption of sensitive information stored within the backend database used by CloudForms. An attacker able to submit forged cipher texts could observe the results of encryption and determine information that could, in turn, lead to the disclosure of encrypted data within the database.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
CloudForms Management Engine 5	cfme	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-327

https://bugzilla.redhat.com/show_bug.cgi?id=1330179cfme: vulnerable to padding oracle attack against AES-256-CBC

4.9 Medium

CVSS3

3.6 Low

CVSS2

Связанные уязвимости

CVE-2016-3702

CVSS3: 5.3

nvd

почти 9 лет назад

Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.

GHSA-ggp3-m938-r93p