CVE-2016-6936

7.5HIGH

Key Information:

Vendor: Adobe
Status: Air Sdk \& Compiler
Vendor: CVE Published:; 16 September 2016

Summary

Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent.

References

https://helpx.adobe.com/security/products/air/apsb16-31.html

x_refsource_CONFIRM

http://www.securityfocus.com/bid/92926

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1036792

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2016
Vulnerability Reserved
Aug 23, 2016

.