Search for vulnerabilities
Vulnerability details: VCID-xmkv-s3ye-aaae
Vulnerability ID VCID-xmkv-s3ye-aaae
Aliases CVE-2015-0204
VC-OPENSSL-20150106-CVE-2015-0204
Summary An OpenSSL client will accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. A server could present a weak temporary key and downgrade the security of the session.
Status Published
Exploitability 2.0
Weighted Severity 8.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-310 Cryptographic Issues
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
generic_textual LOW http://marc.info/?l=bugtraq&m=144050155601375&w=2
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0204.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2015-0849.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-0849.html
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0066
rhas Moderate https://access.redhat.com/errata/RHSA-2015:0800
rhas Important https://access.redhat.com/errata/RHSA-2015:0849
rhas Important https://access.redhat.com/errata/RHSA-2016:1650
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0204.json
epss 0.89528 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.89528 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.89528 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.89528 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92433 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92473 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92473 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92473 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92473 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92473 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92473 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.92473 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.93128 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
epss 0.94879 https://api.first.org/data/v1/epss?cve=CVE-2015-0204
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
cvssv2 10 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2015-0204
generic_textual Medium https://ubuntu.com/security/notices/USN-2459-1
generic_textual Low https://www.openssl.org/news/secadv/20150108.txt
generic_textual Medium https://www.openssl.org/news/secadv_20150108.txt
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
cvssv3.1 9.8 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
generic_textual CRITICAL http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
cvssv3.1 6.1 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
cvssv3.1 7.5 http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Reference id Reference type URL
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10679
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
http://marc.info/?l=bugtraq&m=142496179803395&w=2
http://marc.info/?l=bugtraq&m=142496289803847&w=2
http://marc.info/?l=bugtraq&m=142720981827617&w=2
http://marc.info/?l=bugtraq&m=142721102728110&w=2
http://marc.info/?l=bugtraq&m=142895206924048&w=2
http://marc.info/?l=bugtraq&m=143213830203296&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144043644216842&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://marc.info/?l=bugtraq&m=144050205101530&w=2
http://marc.info/?l=bugtraq&m=144050254401665&w=2
http://marc.info/?l=bugtraq&m=144050297101809&w=2
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-0204.html
http://rhn.redhat.com/errata/RHSA-2015-0066.html
http://rhn.redhat.com/errata/RHSA-2015-0800.html
http://rhn.redhat.com/errata/RHSA-2015-0849.html
http://rhn.redhat.com/errata/RHSA-2016-1650.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0204.json
https://api.first.org/data/v1/epss?cve=CVE-2015-0204
https://bto.bluecoat.com/security-advisory/sa88
https://bto.bluecoat.com/security-advisory/sa91
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
https://exchange.xforce.ibmcloud.com/vulnerabilities/99707
https://freakattack.com/
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/openssl/openssl/commit/ce325c60c74b0fa784f5872404b722e120e5cab0
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241
https://kc.mcafee.com/corporate/index?page=content&id=SB10102
https://kc.mcafee.com/corporate/index?page=content&id=SB10108
https://kc.mcafee.com/corporate/index?page=content&id=SB10110
https://security.gentoo.org/glsa/201503-11
https://support.apple.com/HT204659
https://support.citrix.com/article/CTX216642
https://ubuntu.com/security/notices/USN-2459-1
http://support.novell.com/security/cve/CVE-2015-0204.html
https://www.openssl.org/news/secadv/20150108.txt
https://www.openssl.org/news/secadv_20150108.txt
https://www.openssl.org/news/secadv_20150319.txt
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl
http://www-01.ibm.com/support/docview.wss?uid=swg21883640
http://www-304.ibm.com/support/docview.wss?uid=swg21960769
http://www.debian.org/security/2015/dsa-3125
http://www.mandriva.com/security/advisories?name=MDVSA-2015:019
http://www.mandriva.com/security/advisories?name=MDVSA-2015:062
http://www.mandriva.com/security/advisories?name=MDVSA-2015:063
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
http://www.securityfocus.com/bid/71936
http://www.securityfocus.com/bid/91787
http://www.securitytracker.com/id/1033378
cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0o:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
CVE-2015-0204 https://nvd.nist.gov/vuln/detail/CVE-2015-0204
RHEA-2015:0955 https://bugzilla.redhat.com/show_bug.cgi?id=1180184
RHSA-2015:0066 https://access.redhat.com/errata/RHSA-2015:0066
RHSA-2015:0800 https://access.redhat.com/errata/RHSA-2015:0800
RHSA-2015:0849 https://access.redhat.com/errata/RHSA-2015:0849
RHSA-2016:1650 https://access.redhat.com/errata/RHSA-2016:1650
USN-2459-1 https://usn.ubuntu.com/2459-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2015-0849.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0204.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-0204
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.99522
EPSS Score 0.89528
Published At May 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.