{"api_version":"1","generated_at":"2026-04-23T03:05:42+00:00","cve":"CVE-2016-3452","urls":{"html":"https://cve.report/CVE-2016-3452","api":"https://cve.report/api/cve/CVE-2016-3452.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-3452","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-3452"},"summary":{"title":"CVE-2016-3452","description":"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.","state":"PUBLIC","assigner":"secalert_us@oracle.com","published_at":"2016-07-21 10:12:00","updated_at":"2019-12-27 16:08:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-0705.html","name":"RHSA-2016:0705","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1481.html","name":"RHSA-2016:1481","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1602.html","name":"RHSA-2016:1602","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"Oracle Critical Patch Update - July 2016","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/bid/91787","name":"91787","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Oracle July 2016 Critical Patch Update Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Oracle Linux Bulletin - July 2016","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/","name":"https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"MariaDB 10.1.14 Release Notes - MariaDB Knowledge Base","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/91999","name":"91999","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Oracle MySQL CVE-2016-3452 Remote Security Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://access.redhat.com/errata/RHSA-2016:1132","name":"RHSA-2016:1132","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/","name":"https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"MariaDB 5.5.49 Release Notes - MariaDB Knowledge Base","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168","name":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Security Bulletin: Multiple vulnerabilities in mariadb affect PowerKVM","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1036362","name":"1036362","refsource":"SECTRACK","tags":["Third Party Advisory","VDB Entry"],"title":"MySQL Multiple Bugs Let Remote Users Access Data, Remote Authenticated Users Modify Data, Local or Remote Authenticated Users Deny Service, and Local Users Gain Elevated Privileges - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1480.html","name":"RHSA-2016:1480","refsource":"REDHAT","tags":["Third Party Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/","name":"https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"MariaDB 10.0.25 Release Notes - MariaDB Knowledge Base","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-3452","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3452","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"powerkvm","cpe6":"2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"powerkvm","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"powerkvm","cpe6":"2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ibm","cpe5":"powerkvm","cpe6":"3.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mariadb","cpe5":"mariadb","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mariadb","cpe5":"mariadb","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"5.5.48","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"5.6.29","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"5.7.10","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"mysql","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3452","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secalert_us@oracle.com","ID":"CVE-2016-3452","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"RHSA-2016:1481","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2016-1481.html"},{"name":"RHSA-2016:1132","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2016:1132"},{"name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"},{"name":"https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/","refsource":"CONFIRM","url":"https://mariadb.com/kb/en/mariadb/mariadb-5549-release-notes/"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"name":"RHSA-2016:1480","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2016-1480.html"},{"name":"https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/","refsource":"CONFIRM","url":"https://mariadb.com/kb/en/mariadb/mariadb-10114-release-notes/"},{"name":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168","refsource":"CONFIRM","url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1024168"},{"name":"1036362","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1036362"},{"name":"91999","refsource":"BID","url":"http://www.securityfocus.com/bid/91999"},{"name":"RHSA-2016:1602","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2016-1602.html"},{"name":"91787","refsource":"BID","url":"http://www.securityfocus.com/bid/91787"},{"name":"RHSA-2016:0705","refsource":"REDHAT","url":"http://rhn.redhat.com/errata/RHSA-2016-0705.html"},{"name":"https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/","refsource":"CONFIRM","url":"https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/"}]}},"nvd":{"publishedDate":"2016-07-21 10:12:00","lastModifiedDate":"2019-12-27 16:08:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.7,"baseSeverity":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.29","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.10","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndIncluding":"5.5.48","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.20","versionEndExcluding":"5.5.49","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.25","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.14","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:powerkvm:3.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ibm:powerkvm:2.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"3452","Ordinal":"89327","Title":"CVE-2016-3452","CVE":"CVE-2016-3452","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"3452","Ordinal":"1","NoteData":"Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"3452","Ordinal":"2","NoteData":"2016-07-21","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"3452","Ordinal":"3","NoteData":"2018-01-04","Type":"Other","Title":"Modified"}]}}}