CVE-2016-3505

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces.

Published: Oct 25, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-3505
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / weblogic_server	12.2.1.0.0	12.2.1.0.0.x
oracle / weblogic_server	12.1.3.0.0	12.1.3.0.0.x
oracle / weblogic_server	10.3.6.0.0	10.3.6.0.0.x

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.securityfocus.com/bid/93708
http://www.securitytracker.com/id/1037052

Vulnerability Database

289,697

CVE-2016-3505