CVE-2016-6042

Severity Score

7.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system in the same context as the victim.

IBM AppScan Enterprise Edition podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, provocado por manipulación indebida de objetos en memoria. Al persuadir a una víctima para abrir un contenido especialmente manipulado, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema en el mismo contexto que la víctima.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-06-29 CVE Reserved
2017-02-01 CVE Published
2024-02-14 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
http://www.ibm.com/support/docview.wss?uid=swg21995118	2021-06-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Security Appscan Search vendor "Ibm" for product "Security Appscan"				9.0.0.0 Search vendor "Ibm" for product "Security Appscan" and version "9.0.0.0"		-		Affected
Ibm Search vendor "Ibm"		Security Appscan Search vendor "Ibm" for product "Security Appscan"				9.0.0.1 Search vendor "Ibm" for product "Security Appscan" and version "9.0.0.1"		enterprise		Affected
Ibm Search vendor "Ibm"		Security Appscan Search vendor "Ibm" for product "Security Appscan"				9.0.1.0 Search vendor "Ibm" for product "Security Appscan" and version "9.0.1.0"		enterprise		Affected
Ibm Search vendor "Ibm"		Security Appscan Search vendor "Ibm" for product "Security Appscan"				9.0.1.1 Search vendor "Ibm" for product "Security Appscan" and version "9.0.1.1"		enterprise		Affected
Ibm Search vendor "Ibm"		Security Appscan Search vendor "Ibm" for product "Security Appscan"				9.0.2.0 Search vendor "Ibm" for product "Security Appscan" and version "9.0.2.0"		enterprise		Affected
Ibm Search vendor "Ibm"		Security Appscan Search vendor "Ibm" for product "Security Appscan"				9.0.2.1 Search vendor "Ibm" for product "Security Appscan" and version "9.0.2.1"		enterprise		Affected
Ibm Search vendor "Ibm"		Security Appscan Search vendor "Ibm" for product "Security Appscan"				9.0.3.0 Search vendor "Ibm" for product "Security Appscan" and version "9.0.3.0"		enterprise		Affected
Ibm Search vendor "Ibm"		Security Appscan Search vendor "Ibm" for product "Security Appscan"				9.0.3.1 Search vendor "Ibm" for product "Security Appscan" and version "9.0.3.1"		enterprise		Affected