Vulnerability identifier: #VU639

Vulnerability risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2016-2107

CWE-ID: CWE-284

Exploitation vector: Network

Exploits in database: 1

• March 18, 2020
  • OpenSSL - Padding Oracle in AES-NI CBC MAC Check [Exploit-DB]

Impact: Information disclosure and data manipulation

Vulnerable software:
OpenSSL
Server applications / Encryption software
Oracle Solaris
Operating systems & Components / Operating system
Oracle Linux
Operating systems & Components / Operating system
macOS
Operating systems & Components / Operating system
Oracle Access Manager
Server applications / Directory software, identity management
Oracle Exalogic Infrastructure
Server applications / Remote management servers, RDP, SSH
Oracle Enterprise Manager Ops Center
Server applications / Remote management servers, RDP, SSH
Enterprise Manager Base Platform
Server applications / Other server solutions
Oracle Agile Engineering Data Management
Other software / Other software solutions
Oracle Business Intelligence Enterprise Edition
Other software / Other software solutions
Oracle Transportation Management
Other software / Other software solutions
Oracle Enterprise Session Border Controller
Other software / Other software solutions
Oracle Life Sciences Data Hub
Other software / Other software solutions
Primavera P6 Professional Project Management
Other software / Other software solutions
PeopleSoft Enterprise PeopleTools
Client/Desktop applications / Office applications
Oracle Communications Unified Session Manager
/
Oracle VM VirtualBox
Server applications / Virtualization software
Oracle Secure Global Desktop
Client/Desktop applications / Virtualization software
Oracle E-Business Suite
Web applications / E-Commerce systems
Oracle Commerce Guided Search
Web applications / E-Commerce systems

Vendor: OpenSSL Software Foundation
Oracle
Apple Inc.