CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3573
https://notcve.org/view.php?id=CVE-2016-3573
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3571. Vulnerabilidad no especificada en el componente Primavera P6 Enterprise Project Portfolio Management en Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2 y 16.1 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores relacionados con el acceso Web, una vulnerabilidad diferente a CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570 y CVE-2016-3571. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91881 http://www.securitytracker.com/id/1036393 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3569
https://notcve.org/view.php?id=CVE-2016-3569
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573. Vulnerabilidad no especificada en el componente Primavera P6 Enterprise Project Portfolio Management en Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2 y 16.1 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores relacionados con el acceso Web, una vulnerabilidad diferente a CVE-2016-3566, CVE-2016-3568, CVE-2016-3570, CVE-2016-3571 y CVE-2016-3573. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91859 http://www.securitytracker.com/id/1036393 •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2016-3571
https://notcve.org/view.php?id=CVE-2016-3571
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3573. Vulnerabilidad no especificada en el componente Primavera P6 Enterprise Project Portfolio Management en Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2 y 16.1 permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores relacionados con el acceso Web, una vulnerabilidad diferente a CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570 y CVE-2016-3573. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/91866 http://www.securitytracker.com/id/1036393 •
CVSS: 6.4EPSS: 4%CPEs: 9EXPL: 2CVE-2012-3137 – Oracle Database - Protocol Authentication Bypass
https://notcve.org/view.php?id=CVE-2012-3137
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability." El protocolo de autenticación en Oracle Database 11g 1 y 2 permite a atacantes remotos obtener la clave y la "salt" de sesión para usuarios de su elección, lo cual provoca fugas de información sobre el hash criptográfico y hace que sea más fácil ataques de fuerza bruta para adivinar la contraseña. Se trata de un problema también conocido como "vulnerabilidad de ruptura de contraseñas". Oracle database versions 11g R1 and R2 suffers from an authentication bypass vulnerability. • https://www.exploit-db.com/exploits/22069 http://arstechnica.com/security/2012/09/oracle-database-stealth-password-cracking-vulnerability http://threatpost.com/en_us/blogs/flaw-oracle-logon-protocol-leads-easy-password-cracking-092012?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular http://www.darkreading.com/authentication/167901072/security/application-security/240007643/attack-easily-cracks-oracle-database-passwords.html http://www.exploit-db.com/exploits/22069 http://www.mandriva.com/security • CWE-287: Improper Authentication •