How severe is CVE-2016-8325?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2016-8325?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2016-8325 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts).

Related Vulnerabilities

CVE-2013-5654

CRITICAL

CVSS:9.1(Critical)

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage

CWE-2842013

CVE-2015-1000009

CRITICAL

CVSS:9.1(Critical)

Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05

CWE-2842015

CVE-2015-8361

CRITICAL

CVSS:9.1(Critical)

Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, o...

CWE-2842015

CVE-2016-4501

CRITICAL

CVSS:9.1(Critical)

Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and earlier mishandles sessions, which allows remote attackers to bypass authentication and make arbitrary configuration changes via u...

CWE-2842016

CVE-2016-4694

CRITICAL

CVSS:9.1(Critical)

The Apache HTTP Server in Apple OS X before 10.12 and OS X Server before 5.2 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted CGI client data ...

CWE-2842016

CVE-2016-5599

CRITICAL

CVSS:9.1(Critical)

Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integ...

CWE-2842016