CVE-2016-5722

EPSS 0.21%
Veröffentlicht 24.06.2016 17:59:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Huawei ≫ Ocean Stor Firmware Version <= v300r003c00spc100

Huawei ≫ Ocean Stor 18500 V3 Version-
Huawei ≫ Ocean Stor 18800 V3 Version-

Huawei ≫ Ocean Stor Firmware Version <= v300r002c10spc200

   Huawei ≫ Ocean Stor 5300 V3 Version-
   Huawei ≫ Ocean Stor 5500 V3 Version-
   Huawei ≫ Ocean Stor 5600 V3 Version-
   Huawei ≫ Ocean Stor 5800 V3 Version-
   Huawei ≫ Ocean Stor 6800 V3 Version-

Huawei ≫ Ocean Stor Firmware Version <= v300r003c00spc100

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.4

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.3	3.9	3.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-5722

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5722

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5722

EUVD