Directory Traversal Vulnerability in Oracle Enterprise Manager Grid Control
CVE-2016-0481

Currently unrated

Key Information:

Vendor: Oracle
Status: Enterprise Manager Grid Control
Vendor: CVE Published:; 21 January 2016

What is CVE-2016-0481?

An unspecified vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control can be exploited by remote attackers to potentially compromise confidentiality. This vulnerability appears to relate to the Test Manager for Web Apps functionality. Notably, it may allow unauthorized access to sensitive files through directory traversal techniques in certain parameters, such as scheduleReportName. Oracle has acknowledged this issue, but specifics on the attack vectors remain undisclosed.

References

http://www.securityfocus.com/bid/81097

vdb-entryx_refsource_BID

http://www.oracle.com/technetwork/topics/security/cpujan2...

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-16-044

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2016
Vulnerability Reserved
Dec 9, 2015