CVE-2016-5455
CVE-2016-5455 is a medium-severity vulnerability in Oracle Communications Messaging Server with a CVSS 3.x base score of 5.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 5.3)
- CVSS v2: 5.0
- EPSS exploit prediction: 2% (81st percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Oracle Communications Messaging Server
- Published:
- Last modified:
Description
Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor.
Frequently asked questions
- What is CVE-2016-5455?
- Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor.
- How severe is CVE-2016-5455?
- CVE-2016-5455 has a CVSS 3.x base score of 5.3, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability none.
- Is CVE-2016-5455 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (81st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2016-5455?
- CVE-2016-5455 primarily affects Oracle Communications Messaging Server. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2016-5455?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2016-5455 published?
- CVE-2016-5455 was published on 2016-07-21 and last updated on 2026-06-17.
References
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.securityfocus.com/bid/91787
- http://www.securityfocus.com/bid/91863
- http://www.securitytracker.com/id/1036401
Affected products (3)
- cpe:2.3:a:oracle:communications_messaging_server:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_messaging_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_messaging_server:8.0:*:*:*:*:*:*:*
More vulnerabilities in Oracle Communications Messaging Server
- CVE-2022-23305 — Critical (CVSS 9.8): By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be…
- CVE-2020-11656 — Critical (CVSS 9.8): In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause…
- CVE-2019-0228 — Critical (CVSS 9.8): Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct…
- CVE-2017-5645 — Critical (CVSS 9.8): In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log…
- CVE-2022-23307 — High (CVSS 8.8): CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw…
- CVE-2022-23302 — High (CVSS 8.8): JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write…