#VU175 Privilege escalation in Oracle Secure Global Desktop - CVE-2016-3613
Published: July 20, 2016 / Updated: November 22, 2018
Vulnerability identifier: #VU175
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: CVE-2016-3613
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Oracle Secure Global Desktop
Oracle Secure Global Desktop
Software vendor:
Oracle
Oracle
Description
The vulnerability allows a remote attacker to gain elevated privileges.
The vulnerability exists in Oracle Secure Global Desktop. A remote user can gain elevated privileges by exploiting a flaw in the Oracle Secure Global Desktop OpenSSL component.
Successful exploitation of this vulnerability may result in user access with elevated privileges on the target system.
The vulnerability exists in Oracle Secure Global Desktop. A remote user can gain elevated privileges by exploiting a flaw in the Oracle Secure Global Desktop OpenSSL component.
Successful exploitation of this vulnerability may result in user access with elevated privileges on the target system.
Remediation
The vendor has issued a fix as part of the July 2016 Oracle Critical Patch Update.