VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-63q1-581t-aaag

Essentials
Severities (144)
References (55)
Severity details (56)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-63q1-581t-aaag
Aliases	CVE-2016-2141 GHSA-rc7h-x6cq-988q
Summary	Authorization bypass in JGroups JGroups does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-20	Improper Input Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	9.8	http://rhn.redhat.com/errata/RHSA-2016-1435.html
generic_textual	CRITICAL	http://rhn.redhat.com/errata/RHSA-2016-1435.html
cvssv3.1	9.8	http://rhn.redhat.com/errata/RHSA-2016-1439.html
generic_textual	CRITICAL	http://rhn.redhat.com/errata/RHSA-2016-1439.html
cvssv3.1	9.8	http://rhn.redhat.com/errata/RHSA-2016-2035.html
generic_textual	CRITICAL	http://rhn.redhat.com/errata/RHSA-2016-2035.html
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1328
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1329
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1330
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1331
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1332
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1333
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1334
cvssv3.1	9.8	https://access.redhat.com/errata/RHSA-2016:1345
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2016:1345
cvssv3.1	9.8	https://access.redhat.com/errata/RHSA-2016:1346
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2016:1346
cvssv3.1	9.8	https://access.redhat.com/errata/RHSA-2016:1347
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2016:1347
cvssv3.1	9.8	https://access.redhat.com/errata/RHSA-2016:1374
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2016:1374
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1376
cvssv3.1	9.8	https://access.redhat.com/errata/RHSA-2016:1389
generic_textual	CRITICAL	https://access.redhat.com/errata/RHSA-2016:1389
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1432
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1433
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1434
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1435
rhas	Critical	https://access.redhat.com/errata/RHSA-2016:1439
rhas	Important	https://access.redhat.com/errata/RHSA-2016:2035
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2141.json
epss	0.00747	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00747	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00747	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00747	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00747	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00747	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00747	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00747	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00747	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00747	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00747	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00932	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00932	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00932	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.00932	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01198	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.016	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.016	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.016	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.016	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.016	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.016	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.01638	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
epss	0.0315	https://api.first.org/data/v1/epss?cve=CVE-2016-2141
rhbs	urgent	https://bugzilla.redhat.com/show_bug.cgi?id=1313589
cvssv2	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-rc7h-x6cq-988q
cvssv3.1	9.8	https://github.com/belaban/JGroups
generic_textual	CRITICAL	https://github.com/belaban/JGroups
cvssv3.1	9.8	https://github.com/belaban/JGroups/commit/eeaf5241cce464ef21a2dfc4938729ade9ebef36
generic_textual	CRITICAL	https://github.com/belaban/JGroups/commit/eeaf5241cce464ef21a2dfc4938729ade9ebef36
cvssv3.1	9.8	https://issues.jboss.org/browse/JGRP-2021
generic_textual	CRITICAL	https://issues.jboss.org/browse/JGRP-2021
cvssv3.1	9.8	https://issues.redhat.com/browse/JGRP-2055
generic_textual	CRITICAL	https://issues.redhat.com/browse/JGRP-2055
cvssv3.1	9.8	https://issues.redhat.com/browse/JGRP-2074
generic_textual	CRITICAL	https://issues.redhat.com/browse/JGRP-2074
cvssv3.1	9.8	https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3E
generic_textual	CRITICAL	https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3E
cvssv3.1	9.8	https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3E
generic_textual	CRITICAL	https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3E
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2016-2141
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2016-2141
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2016-2141
cvssv3.1	9.8	https://rhn.redhat.com/errata/RHSA-2016-1328.html
generic_textual	CRITICAL	https://rhn.redhat.com/errata/RHSA-2016-1328.html
cvssv3.1	9.8	https://rhn.redhat.com/errata/RHSA-2016-1329.html
generic_textual	CRITICAL	https://rhn.redhat.com/errata/RHSA-2016-1329.html
cvssv3.1	9.8	https://rhn.redhat.com/errata/RHSA-2016-1330.html
generic_textual	CRITICAL	https://rhn.redhat.com/errata/RHSA-2016-1330.html
cvssv3.1	9.8	https://rhn.redhat.com/errata/RHSA-2016-1331.html
generic_textual	CRITICAL	https://rhn.redhat.com/errata/RHSA-2016-1331.html
cvssv3.1	9.8	https://rhn.redhat.com/errata/RHSA-2016-1332.html
generic_textual	CRITICAL	https://rhn.redhat.com/errata/RHSA-2016-1332.html
cvssv3.1	9.8	https://rhn.redhat.com/errata/RHSA-2016-1333.html
generic_textual	CRITICAL	https://rhn.redhat.com/errata/RHSA-2016-1333.html
cvssv3.1	9.8	https://rhn.redhat.com/errata/RHSA-2016-1334.html
generic_textual	CRITICAL	https://rhn.redhat.com/errata/RHSA-2016-1334.html
cvssv3.1	9.8	https://web.archive.org/web/20161013163606/http://www.securityfocus.com/bid/91481
generic_textual	CRITICAL	https://web.archive.org/web/20161013163606/http://www.securityfocus.com/bid/91481
cvssv3.1	9.8	https://web.archive.org/web/20201207092245/http://www.securitytracker.com/id/1036165
generic_textual	CRITICAL	https://web.archive.org/web/20201207092245/http://www.securitytracker.com/id/1036165
cvssv3.1	9.8	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
generic_textual	LOW	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Reference id	Reference type	URL
		http://rhn.redhat.com/errata/RHSA-2016-1435.html
		http://rhn.redhat.com/errata/RHSA-2016-1439.html
		http://rhn.redhat.com/errata/RHSA-2016-2035.html
		https://access.redhat.com/errata/RHSA-2016:1345
		https://access.redhat.com/errata/RHSA-2016:1346
		https://access.redhat.com/errata/RHSA-2016:1347
		https://access.redhat.com/errata/RHSA-2016:1374
		https://access.redhat.com/errata/RHSA-2016:1389
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2141.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-2141
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2141
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/belaban/JGroups
		https://github.com/belaban/JGroups/commit/38a882331035ffed205d15a5c92b471fd09659c
		https://github.com/belaban/JGroups/commit/c3ad22234ef84d06d04d908b3c94c0d11df8afd
		https://github.com/belaban/JGroups/commit/eeaf5241cce464ef21a2dfc4938729ade9ebef36
		https://github.com/belaban/JGroups/commit/fba182c14075789e1d2c976d50d9018c671ad0b
		https://issues.jboss.org/browse/JGRP-2021
		https://issues.redhat.com/browse/JGRP-2055
		https://issues.redhat.com/browse/JGRP-2074
		https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3E
		https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a%40%3Cdev.geode.apache.org%3E
		https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3E
		https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0%40%3Cdev.geode.apache.org%3E
		https://rhn.redhat.com/errata/RHSA-2016-1328.html
		https://rhn.redhat.com/errata/RHSA-2016-1329.html
		https://rhn.redhat.com/errata/RHSA-2016-1330.html
		https://rhn.redhat.com/errata/RHSA-2016-1331.html
		https://rhn.redhat.com/errata/RHSA-2016-1332.html
		https://rhn.redhat.com/errata/RHSA-2016-1333.html
		https://rhn.redhat.com/errata/RHSA-2016-1334.html
		https://web.archive.org/web/20161013163606/http://www.securityfocus.com/bid/91481
		https://web.archive.org/web/20201207092245/http://www.securitytracker.com/id/1036165
		https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
		http://www.securityfocus.com/bid/91481
		http://www.securitytracker.com/id/1036165
1313589		https://bugzilla.redhat.com/show_bug.cgi?id=1313589
867493		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867493
cpe:2.3:a:redhat:jgroups::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jgroups::::::::
CVE-2016-2141		https://nvd.nist.gov/vuln/detail/CVE-2016-2141
GHSA-rc7h-x6cq-988q		https://github.com/advisories/GHSA-rc7h-x6cq-988q
RHSA-2016:1328		https://access.redhat.com/errata/RHSA-2016:1328
RHSA-2016:1329		https://access.redhat.com/errata/RHSA-2016:1329
RHSA-2016:1330		https://access.redhat.com/errata/RHSA-2016:1330
RHSA-2016:1331		https://access.redhat.com/errata/RHSA-2016:1331
RHSA-2016:1332		https://access.redhat.com/errata/RHSA-2016:1332
RHSA-2016:1333		https://access.redhat.com/errata/RHSA-2016:1333
RHSA-2016:1334		https://access.redhat.com/errata/RHSA-2016:1334
RHSA-2016:1376		https://access.redhat.com/errata/RHSA-2016:1376
RHSA-2016:1432		https://access.redhat.com/errata/RHSA-2016:1432
RHSA-2016:1433		https://access.redhat.com/errata/RHSA-2016:1433
RHSA-2016:1434		https://access.redhat.com/errata/RHSA-2016:1434
RHSA-2016:1435		https://access.redhat.com/errata/RHSA-2016:1435
RHSA-2016:1439		https://access.redhat.com/errata/RHSA-2016:1439
RHSA-2016:2035		https://access.redhat.com/errata/RHSA-2016:2035

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2016-1435.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2016-1439.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2016-2035.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2016:1345

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2016:1346

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2016:1347

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2016:1374

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2016:1389

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2141.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/belaban/JGroups

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/belaban/JGroups/commit/eeaf5241cce464ef21a2dfc4938729ade9ebef36

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://issues.jboss.org/browse/JGRP-2021

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://issues.redhat.com/browse/JGRP-2055

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://issues.redhat.com/browse/JGRP-2074

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3E

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2141

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2141

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2141

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://rhn.redhat.com/errata/RHSA-2016-1328.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://rhn.redhat.com/errata/RHSA-2016-1329.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://rhn.redhat.com/errata/RHSA-2016-1330.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://rhn.redhat.com/errata/RHSA-2016-1331.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://rhn.redhat.com/errata/RHSA-2016-1332.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://rhn.redhat.com/errata/RHSA-2016-1333.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://rhn.redhat.com/errata/RHSA-2016-1334.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20161013163606/http://www.securityfocus.com/bid/91481

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20201207092245/http://www.securitytracker.com/id/1036165

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.81350
EPSS Score	0.00747
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.