{"url":"http://public2.vulnerablecode.io/api/packages/159698?format=json","purl":"pkg:rpm/redhat/openchange@2.0-4.el7_1?arch=1","type":"rpm","namespace":"redhat","name":"openchange","version":"2.0-4.el7_1","qualifiers":{"arch":"1"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100672?format=json","vulnerability_id":"VCID-enbr-g8ae-ubbc","summary":"Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2113.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2113.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2113","reference_id":"","reference_type":"","scores":[{"value":"0.04197","scoring_system":"epss","scoring_elements":"0.88919","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311910","reference_id":"1311910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311910"},{"reference_url":"https://security.gentoo.org/glsa/201612-47","reference_id":"GLSA-201612-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0612","reference_id":"RHSA-2016:0612","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0612"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0614","reference_id":"RHSA-2016:0614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0618","reference_id":"RHSA-2016:0618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0620","reference_id":"RHSA-2016:0620","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0620"}],"fixed_packages":[],"aliases":["CVE-2016-2113"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-enbr-g8ae-ubbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100671?format=json","vulnerability_id":"VCID-yt92-mfwy-z7er","summary":"The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the \"client ldap sasl wrapping\" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2112.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2112.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2112","reference_id":"","reference_type":"","scores":[{"value":"0.16609","scoring_system":"epss","scoring_elements":"0.95043","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5370"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2111"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2112"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2113"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2114"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2118"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311903","reference_id":"1311903","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1311903"},{"reference_url":"https://security.gentoo.org/glsa/201612-47","reference_id":"GLSA-201612-47","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201612-47"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0611","reference_id":"RHSA-2016:0611","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0611"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0612","reference_id":"RHSA-2016:0612","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0612"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0613","reference_id":"RHSA-2016:0613","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0613"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0614","reference_id":"RHSA-2016:0614","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0614"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0618","reference_id":"RHSA-2016:0618","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0618"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0619","reference_id":"RHSA-2016:0619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0620","reference_id":"RHSA-2016:0620","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0620"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0624","reference_id":"RHSA-2016:0624","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0624"}],"fixed_packages":[],"aliases":["CVE-2016-2112"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yt92-mfwy-z7er"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openchange@2.0-4.el7_1%3Farch=1"}