{"api_version":"1","generated_at":"2026-06-28T13:04:42+00:00","cve":"CVE-2016-3456","urls":{"html":"https://cve.report/CVE-2016-3456","api":"https://cve.report/api/cve/CVE-2016-3456.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-3456","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-3456"},"summary":{"title":"CVE-2016-3456","description":"Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box.","state":"PUBLISHED","assigner":"oracle","published_at":"2016-04-21 11:00:37","updated_at":"2026-05-06 22:30:45"},"problem_types":["NVD-CWE-noinfo","n/a"],"metrics":[{"version":"3.0","source":"nvd@nist.gov","type":"Primary","score":"8.2","severity":"HIGH","vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","data":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Oracle Critical Patch Update Advisory - April 2016","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1035591","name":"http://www.securitytracker.com/id/1035591","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Oracle Supply Chain Products Suite Bugs Let Remote and Local Users Access and Modify Data and Deny Service - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-3456","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3456","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"3456","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"complex_maintenance_repair_and_overhaul","cpe6":"12.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3456","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"complex_maintenance_repair_and_overhaul","cpe6":"12.1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"3456","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"complex_maintenance_repair_and_overhaul","cpe6":"12.1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-05T23:56:13.636Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1035591","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1035591"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}],"title":"CVE Program Container"},{"metrics":[{"other":{"content":{"id":"CVE-2016-3456","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-10-15T18:57:34.822278Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-10-15T19:03:57.105Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2016-04-19T00:00:00.000Z","descriptions":[{"lang":"en","value":"Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-02T09:57:01.000Z","orgId":"43595867-4340-4103-b7a2-9a5208d29a85","shortName":"oracle"},"references":[{"name":"1035591","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1035591"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert_us@oracle.com","ID":"CVE-2016-3456","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1035591","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1035591"},{"name":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"}]}}}},"cveMetadata":{"assignerOrgId":"43595867-4340-4103-b7a2-9a5208d29a85","assignerShortName":"oracle","cveId":"CVE-2016-3456","datePublished":"2016-04-21T10:00:00.000Z","dateReserved":"2016-03-17T00:00:00.000Z","dateUpdated":"2024-10-15T19:03:57.105Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2016-04-21 11:00:37","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["NVD-CWE-noinfo","n/a"],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:complex_maintenance_repair_and_overhaul:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"DA6504C9-193B-41F2-9F3E-233D12D878E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:complex_maintenance_repair_and_overhaul:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"42E44E6E-8083-44D7-AA26-6404112A585A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:complex_maintenance_repair_and_overhaul:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"A5572768-4F16-4E8E-A889-2BAB293569C6"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"3456","Ordinal":"1","Title":"CVE-2016-3456","CVE":"CVE-2016-3456","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"3456","Ordinal":"1","NoteData":"Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Dialog Box.","Type":"Description","Title":"CVE-2016-3456"},{"CveYear":"2016","CveId":"3456","Ordinal":"2","NoteData":"2016-04-21","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"3456","Ordinal":"3","NoteData":"2017-09-02","Type":"Other","Title":"Modified"}]}}}