CVE-2016-1499
moderate-risk
Published 2016-01-08
ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php.
Do I need to act?
-
0.50% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.5/10
High
NETWORK
/ LOW complexity
Affected Products (7)
Affected Vendors
References (10)
Vendor Advisory
https://owncloud.org/security/advisory/?id=oc-sa-2016-002
Vendor Advisory
https://owncloud.org/security/advisory/?id=oc-sa-2016-002
45
/ 100
moderate-risk
Severity
29/34 · Critical
Exploitability
2/34 · Minimal
Exposure
14/34 · Moderate