CVE Vulnerabilities

CVE-2016-2346

Insufficient Verification of Data Authenticity

Published: Apr 25, 2016 | Modified: May 04, 2016
CVSS 3.x
8.1
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Allround Automations PL/SQL Developer 11 before 11.0.6 relies on unverified HTTP data for updates, which allows man-in-the-middle attackers to execute arbitrary code by modifying fields in the client-server data stream.

Weakness

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Affected Software

Name Vendor Start Version End Version
Pl/sql_developer Allroundautomations 11.0 11.0
Pl/sql_developer Allroundautomations 11.0.5 11.0.5
Pl/sql_developer Allroundautomations 11.0.4 11.0.4
Pl/sql_developer Allroundautomations 11.0.2 11.0.2
Pl/sql_developer Allroundautomations 11.0.3 11.0.3
Pl/sql_developer Allroundautomations 11.0.1 11.0.1

References