Privilege escalation in Oracle Secure Global Desktop - CVE-2016-3613
Published: July 20, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU175
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2016-3613
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Oracle
Affected software:
Oracle Secure Global Desktop
Oracle Secure Global Desktop
Detailed vulnerability description
The vulnerability allows a remote attacker to gain elevated privileges.
The vulnerability exists in Oracle Secure Global Desktop. A remote user can gain elevated privileges by exploiting a flaw in the Oracle Secure Global Desktop OpenSSL component.
Successful exploitation of this vulnerability may result in user access with elevated privileges on the target system.
The vulnerability exists in Oracle Secure Global Desktop. A remote user can gain elevated privileges by exploiting a flaw in the Oracle Secure Global Desktop OpenSSL component.
Successful exploitation of this vulnerability may result in user access with elevated privileges on the target system.
How to mitigate CVE-2016-3613
The vendor has issued a fix as part of the July 2016 Oracle Critical Patch Update.