- Home
- CVEs with nessus.description==The version of Oracle Enterprise Manager Cloud Control installed on
the remote host is affected by multiple vulnerabilities in the
Enterprise Manager Base Platform component :
- Multiple flaws exist in the OpenSSL library bundled in
the Discovery Framework subcomponent, specifically in
the aesni_cbc_hmac_sha1_cipher() function in file
crypto/evp/e_aes_cbc_hmac_sha1.c and the
aesni_cbc_hmac_sha256_cipher() function in file
crypto/evp/e_aes_cbc_hmac_sha256.c, that are triggered
when the connection uses an AES-CBC cipher and AES-NI
is supported by the server. A man-in-the-middle attacker
can exploit these to conduct a padding oracle attack,
resulting in the ability to decrypt the network traffic.
(CVE-2016-2107)
- An unspecified flaw exists in the UI Framework
subcomponent that allows an unauthenticated, remote
attacker to disclose potentially sensitive information.
(CVE-2016-3540)
- An unspecified flaw exists in the Security Framework
subcomponent that allows a local attacker to impact
confidentiality and integrity. (CVE-2016-3563)
Note that the product was formerly known as Enterprise Manager Grid
Control.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top