VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-5gjz-298a-s7cm

Essentials
Severities (35)
References (18)
Severity details (32)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-5gjz-298a-s7cm
Aliases	CVE-2016-8638 GHSA-376m-3rm2-9jm6
Summary
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-287	Improper Authentication
CWE-384	Session Fixation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	9.1	http://rhn.redhat.com/errata/RHSA-2016-2809.html
generic_textual	CRITICAL	http://rhn.redhat.com/errata/RHSA-2016-2809.html
cvssv3.1	9.1	https://access.redhat.com/errata/RHSA-2016:2809
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2016:2809
cvssv3	8.2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8638.json
cvssv3.1	9.1	https://access.redhat.com/security/cve/CVE-2016-8638
generic_textual	CRITICAL	https://access.redhat.com/security/cve/CVE-2016-8638
epss	0.07142	https://api.first.org/data/v1/epss?cve=CVE-2016-8638
epss	0.07142	https://api.first.org/data/v1/epss?cve=CVE-2016-8638
epss	0.07142	https://api.first.org/data/v1/epss?cve=CVE-2016-8638
cvssv3.1	9.1	https://bugzilla.redhat.com/show_bug.cgi?id=1392829
generic_textual	CRITICAL	https://bugzilla.redhat.com/show_bug.cgi?id=1392829
cvssv3.1	9.1	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638
generic_textual	CRITICAL	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-376m-3rm2-9jm6
cvssv3.1	9.1	https://github.com/ipsilon-project/ipsilon
generic_textual	CRITICAL	https://github.com/ipsilon-project/ipsilon
cvssv3.1	9.1	https://github.com/ipsilon-project/ipsilon/commit/1c48414877fc110652b6078a29529972c7ec9122
generic_textual	CRITICAL	https://github.com/ipsilon-project/ipsilon/commit/1c48414877fc110652b6078a29529972c7ec9122
cvssv3.1	9.1	https://github.com/ipsilon-project/ipsilon/commit/64fc366c054fc6af1d9d2692902db169884b5f78
generic_textual	CRITICAL	https://github.com/ipsilon-project/ipsilon/commit/64fc366c054fc6af1d9d2692902db169884b5f78
cvssv3.1	9.1	https://github.com/ipsilon-project/ipsilon/commit/a33303b6beb5c316d7c18b23566b7666a4e307a4
generic_textual	CRITICAL	https://github.com/ipsilon-project/ipsilon/commit/a33303b6beb5c316d7c18b23566b7666a4e307a4
cvssv3.1	9.1	https://github.com/ipsilon-project/ipsilon/commit/b4744a92d4fa7f6d7ade0ae2d99a2dc0ea94734d
generic_textual	CRITICAL	https://github.com/ipsilon-project/ipsilon/commit/b4744a92d4fa7f6d7ade0ae2d99a2dc0ea94734d
cvssv3.1	9.1	https://ipsilon-project.org/advisory/CVE-2016-8638.txt
generic_textual	CRITICAL	https://ipsilon-project.org/advisory/CVE-2016-8638.txt
cvssv3.1	9.1	https://ipsilon-project.org/release/2.1.0.html
generic_textual	CRITICAL	https://ipsilon-project.org/release/2.1.0.html
cvssv3.1	9.1	https://nvd.nist.gov/vuln/detail/CVE-2016-8638
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2016-8638
cvssv3.1	9.1	https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c
generic_textual	CRITICAL	https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c
cvssv3.1	9.1	http://www.securityfocus.com/bid/94439
generic_textual	CRITICAL	http://www.securityfocus.com/bid/94439

Reference id	Reference type	URL
		http://rhn.redhat.com/errata/RHSA-2016-2809.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8638.json
		https://access.redhat.com/security/cve/CVE-2016-8638
		https://api.first.org/data/v1/epss?cve=CVE-2016-8638
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638
		https://github.com/ipsilon-project/ipsilon
		https://github.com/ipsilon-project/ipsilon/commit/1c48414877fc110652b6078a29529972c7ec9122
		https://github.com/ipsilon-project/ipsilon/commit/64fc366c054fc6af1d9d2692902db169884b5f78
		https://github.com/ipsilon-project/ipsilon/commit/a33303b6beb5c316d7c18b23566b7666a4e307a4
		https://github.com/ipsilon-project/ipsilon/commit/b4744a92d4fa7f6d7ade0ae2d99a2dc0ea94734d
		https://ipsilon-project.org/advisory/CVE-2016-8638.txt
		https://ipsilon-project.org/release/2.1.0.html
		https://nvd.nist.gov/vuln/detail/CVE-2016-8638
		https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c
		http://www.securityfocus.com/bid/94439
1392829		https://bugzilla.redhat.com/show_bug.cgi?id=1392829
GHSA-376m-3rm2-9jm6		https://github.com/advisories/GHSA-376m-3rm2-9jm6
RHSA-2016:2809		https://access.redhat.com/errata/RHSA-2016:2809

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at http://rhn.redhat.com/errata/RHSA-2016-2809.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2016:2809

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8638.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://access.redhat.com/security/cve/CVE-2016-8638

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=1392829

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8638

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/ipsilon-project/ipsilon

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/ipsilon-project/ipsilon/commit/1c48414877fc110652b6078a29529972c7ec9122

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/ipsilon-project/ipsilon/commit/64fc366c054fc6af1d9d2692902db169884b5f78

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/ipsilon-project/ipsilon/commit/a33303b6beb5c316d7c18b23566b7666a4e307a4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/ipsilon-project/ipsilon/commit/b4744a92d4fa7f6d7ade0ae2d99a2dc0ea94734d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://ipsilon-project.org/advisory/CVE-2016-8638.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://ipsilon-project.org/release/2.1.0.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-8638

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at http://www.securityfocus.com/bid/94439

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.91747
EPSS Score	0.07142
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-12T01:35:50.917455+00:00	EPSS Importer	Import	https://epss.cyentia.com/epss_scores-current.csv.gz	38.6.0