{"api_version":"1","generated_at":"2026-06-13T14:50:17+00:00","cve":"CVE-2016-5504","urls":{"html":"https://cve.report/CVE-2016-5504","api":"https://cve.report/api/cve/CVE-2016-5504.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-5504","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-5504"},"summary":{"title":"CVE-2016-5504","description":"Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confidentiality via vectors related to Supplier Portal.","state":"PUBLISHED","assigner":"oracle","published_at":"2016-10-25 14:29:39","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"4.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.7","severity":"","vector":"AV:L/AC:M/Au:N/C:C/I:N/A:N","data":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:N/A:N","baseScore":4.7,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securityfocus.com/bid/93679","name":"http://www.securityfocus.com/bid/93679","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"Oracle Supply Chain Products Suite CVE-2016-5504 Local Security Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Oracle Critical Patch Update - October 2016","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-5504","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5504","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"5504","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"agile_product_lifecycle_management_for_process","cpe6":"6.1.0.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5504","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"agile_product_lifecycle_management_for_process","cpe6":"6.1.1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"5504","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"agile_product_lifecycle_management_for_process","cpe6":"6.2.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2016","cve_id":"5504","cve":"CVE-2016-5504","epss":"0.001180000","percentile":"0.301180000","score_date":"2026-05-08","updated_at":"2026-05-09 00:03:16"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T01:01:00.374Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"name":"93679","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/93679"}],"title":"CVE Program Container"},{"metrics":[{"other":{"content":{"id":"CVE-2016-5504","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-10-10T17:49:48.921546Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-10-10T18:45:16.245Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2016-10-18T00:00:00.000Z","descriptions":[{"lang":"en","value":"Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confidentiality via vectors related to Supplier Portal."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-11-25T19:57:01.000Z","orgId":"43595867-4340-4103-b7a2-9a5208d29a85","shortName":"oracle"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"name":"93679","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/93679"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert_us@oracle.com","ID":"CVE-2016-5504","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confidentiality via vectors related to Supplier Portal."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"name":"93679","refsource":"BID","url":"http://www.securityfocus.com/bid/93679"}]}}}},"cveMetadata":{"assignerOrgId":"43595867-4340-4103-b7a2-9a5208d29a85","assignerShortName":"oracle","cveId":"CVE-2016-5504","datePublished":"2016-10-25T14:00:00.000Z","dateReserved":"2016-06-16T00:00:00.000Z","dateUpdated":"2024-10-10T18:45:16.245Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2016-10-25 14:29:39","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:N/A:N","baseScore":4.7,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"ACC24669-494A-467D-9E09-4398593522FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"D95CBDEB-EFDA-4591-8E85-675EFE49087D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"A079FD6E-3BB0-4997-9A8E-6F8FEC89887A"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"5504","Ordinal":"1","Title":"CVE-2016-5504","CVE":"CVE-2016-5504","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"5504","Ordinal":"1","NoteData":"Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confidentiality via vectors related to Supplier Portal.","Type":"Description","Title":"CVE-2016-5504"},{"CveYear":"2016","CveId":"5504","Ordinal":"2","NoteData":"2016-10-25","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"5504","Ordinal":"3","NoteData":"2016-11-25","Type":"Other","Title":"Modified"}]}}}