CVE-2016-3428

low-risk

Published 2016-04-21

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface.

Do I need to act?

0.31% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.1/10 Low

ADJACENT_NETWORK / HIGH complexity

Affected Products (2)

Agile Engineering Data Management

Affected Vendors

Oracle

References (4)

Vendor Advisory http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.securitytracker.com/id/1035591

Vendor Advisory http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

http://www.securitytracker.com/id/1035591

/ 100

low-risk

Severity 8/34 · Low

Exploitability 1/34 · Minimal

Exposure 7/34 · Low