#VU90 Information disclosure in Oracle products - CVE-2015-2808 

 


Published: July 5, 2016 / Updated: November 22, 2018


Vulnerability identifier: #VU90
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2015-2808
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
HPE Service Manager
Oracle Communications Policy Management
SPARC Enterprise M3000
SPARC Enterprise M4000
SPARC Enterprise M5000
SPARC Enterprise M8000
SPARC Enterprise M9000
Software vendor:
Hewlett Packard Enterprise Development LP
Oracle

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information communicated by the target system.

The vulnerability exists due to an access control error. By monitoring TLS network traffic, a remote unauthenticated attacker can obtain RC4-encrypted data and conduct a brute-force key guessing attack.

Successful exploitation of this vulnerability may result in disclosure of system information.

Remediation

Update the affected versions (9.30, 9.31, 9.32, 9.33, 9.34) at: http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05193347

External links