CVE-2016-3505
First published: Tue Oct 25 2016(Updated: )
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces.
Credit: secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =10.3.6.0.0 | |
| Oracle WebLogic Server | =12.1.3.0.0 | |
| Oracle WebLogic Server | =12.2.1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3505?
CVE-2016-3505 has a CVSS score that indicates it has a moderate severity level.
How do I fix CVE-2016-3505?
To fix CVE-2016-3505, upgrade to a patched version of Oracle WebLogic Server as recommended in Oracle's security advisory.
Who is affected by CVE-2016-3505?
CVE-2016-3505 affects remote authenticated users of Oracle WebLogic Server versions 10.3.6.0, 12.1.3.0, and 12.2.1.0.
What type of vulnerability is CVE-2016-3505?
CVE-2016-3505 is an unspecified vulnerability related to JavaServer Faces that can impact confidentiality, integrity, and availability.
What versions of Oracle WebLogic Server are vulnerable to CVE-2016-3505?
Versions 10.3.6.0, 12.1.3.0, and 12.2.1.0 of Oracle WebLogic Server are vulnerable to CVE-2016-3505.
- agent/type
- agent/softwarecombine
- agent/severity
- agent/remedy
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/oracle
- canonical/oracle weblogic server
- version/oracle weblogic server/10.3.6.0.0
- version/oracle weblogic server/12.1.3.0.0
- version/oracle weblogic server/12.2.1.0.0