Information disclosure in Oracle products - CVE-2016-0635

 


Published: July 21, 2016 / Updated: January 24, 2020


Vulnerability identifier: #VU193
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0635
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Oracle
Affected software:
Primavera P6 Enterprise Project Portfolio Management
Oracle Enterprise Manager Ops Center
Oracle Health Sciences Information Manager
Oracle Healthcare Master Person Index
Oracle Insurance Rules Palette
Oracle Retail Order Broker
Primavera Contract Management PCM web services
Oracle Financial Services Analytical Applications Infrastructure
Oracle Documaker
Oracle Insurance Calculation Engine
Oracle Insurance Policy Administration
Oracle Retail Integration Bus
Oracle Agile PLM Framework
Oracle Commerce Guided Search

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in the Web Access component of Primavera P6 Enterprise Project Portfolio Management. A remote authenticated attacker can gain elevated privileges by exploiting a flaw in this component.

Successful exploitation of this vulnerability may result in disclosure of system information.

How to mitigate CVE-2016-0635

The vendor has issued a fix as part of the July 2016 Oracle Critical Patch Update.
