Vulnerability-Lookup

CVE-2016-2406 (GCVE-0-2016-2406)

Vulnerability from cvelistv5 – Published: 2017-03-20 16:00 – Updated: 2024-08-05 23:24

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-V825-395Q-5VFF

Vulnerability from github – Published: 2022-05-17 02:54 – Updated: 2022-05-17 02:54

Details

Severity ?

4.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-2406"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-20T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button.",
  "id": "GHSA-v825-395q-5vff",
  "modified": "2022-05-17T02:54:29Z",
  "published": "2022-05-17T02:54:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2406"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-2406

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-2406

Aliases

CVE-2016-2406

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-2406",
    "description": "The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button.",
    "id": "GSD-2016-2406"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-2406"
      ],
      "details": "The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button.",
      "id": "GSD-2016-2406",
      "modified": "2023-12-13T01:21:20.168915Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-2406",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:document_security_management:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "v100r002c05spc661",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2406"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-275"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2017-03-23T10:48Z",
      "publishedDate": "2017-03-20T16:59Z"
    }
  }
}

FKIE_CVE-2016-2406

Vulnerability from fkie_nvd - Published: 2017-03-20 16:59 - Updated: 2025-04-20 01:37

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

	URL	Tags
	cve@mitre.org	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en	Vendor Advisory

Impacted products

	Vendor	Product	Version
	huawei	document_security_management	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:document_security_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4E1C8B-7625-4DE2-8F2C-4AB4354A31C2",
              "versionEndIncluding": "v100r002c05spc661",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo de control de permisos en Huawei Document Security Management (tambi\u00e9n conocido como DSM) en versiones anteriores a V100R002C05SPC670 permite a usuarios remotos autenticados obtener informaci\u00f3n sensible de documentos cifrados aprovechando el control incorrecto de permisos en el bot\u00f3n PrintScreen."
    }
  ],
  "id": "CVE-2016-2406",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-20T16:59:01.627",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-275"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-04281

Vulnerability from cnvd - Published: 2017-04-11

Title

Huawei Document Security Management信息泄露漏洞

Description

Huawei Document Security Management（DSM）是中国华为（Huawei）公司的一套文档权限管理软件。该软件具有高稳定性、可靠性和可扩展性等特点。 Huawei DSM V100R002C05SPC670之前的版本中的权限控制功能存在安全漏洞。远程攻击者可利用该漏洞获取加密文档的敏感信息。

Severity

中

Patch Name

Huawei Document Security Management信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en

Reference

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en

Impacted products

Name
Huawei Document Security Management（DSM） <=V100R002C05SPC661

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-2406",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2406"
    }
  },
  "description": "Huawei Document Security Management\uff08DSM\uff09\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u5957\u6587\u6863\u6743\u9650\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u9ad8\u7a33\u5b9a\u6027\u3001\u53ef\u9760\u6027\u548c\u53ef\u6269\u5c55\u6027\u7b49\u7279\u70b9\u3002\r\n\r\nHuawei DSM V100R002C05SPC670\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684\u6743\u9650\u63a7\u5236\u529f\u80fd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u52a0\u5bc6\u6587\u6863\u7684\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Huawei internal tester",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-04281",
  "openTime": "2017-04-11",
  "patchDescription": "Huawei Document Security Management\uff08DSM\uff09\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u5957\u6587\u6863\u6743\u9650\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u5177\u6709\u9ad8\u7a33\u5b9a\u6027\u3001\u53ef\u9760\u6027\u548c\u53ef\u6269\u5c55\u6027\u7b49\u7279\u70b9\u3002\r\n\r\nHuawei DSM V100R002C05SPC670\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u7684\u6743\u9650\u63a7\u5236\u529f\u80fd\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u52a0\u5bc6\u6587\u6863\u7684\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei Document Security Management\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei Document Security Management\uff08DSM\uff09 \u003c=V100R002C05SPC661"
  },
  "referenceLink": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-22",
  "title": "Huawei Document Security Management\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

VAR-201703-0171

Vulnerability from variot - Updated: 2025-04-20 23:22

The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button. Huawei Document Security Management (DSM) is a set of document rights management software from Huawei, China. The software is characterized by high stability, reliability and scalability. Security vulnerabilities exist in the permission control function of Huawei DSM versions earlier than V100R002C05SPC670. A remote attacker could exploit this vulnerability to obtain sensitive information in encrypted documents

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0171",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "document security management",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v100r002c05spc661"
      },
      {
        "model": "dsm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "v100r002c05spc670"
      },
      {
        "model": "document security management",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "v100r002c05spc661"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-901"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2406"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:huawei:document_security_management",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      }
    ]
  },
  "cve": "CVE-2016-2406",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2016-2406",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-91225",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-2406",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-2406",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-2406",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201703-901",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-91225",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-901"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2406"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by leveraging incorrect control of permissions on the PrintScreen button. Huawei Document Security Management (DSM) is a set of document rights management software from Huawei, China. The software is characterized by high stability, reliability and scalability. Security vulnerabilities exist in the permission control function of Huawei DSM versions earlier than V100R002C05SPC670. A remote attacker could exploit this vulnerability to obtain sensitive information in encrypted documents",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-2406"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      },
      {
        "db": "VULHUB",
        "id": "VHN-91225"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-2406",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008035",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-901",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-91225",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-901"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2406"
      }
    ]
  },
  "id": "VAR-201703-0171",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91225"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-20T23:22:29.981000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20160218-01-dsm",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en"
      },
      {
        "title": "Huawei Document Security Management Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68653"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-901"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-275",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2406"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160218-01-dsm-en"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2406"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2406"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-91225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-901"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2406"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-91225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-901"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-2406"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91225"
      },
      {
        "date": "2017-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      },
      {
        "date": "2017-03-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-901"
      },
      {
        "date": "2017-03-20T16:59:01.627000",
        "db": "NVD",
        "id": "CVE-2016-2406"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-91225"
      },
      {
        "date": "2017-04-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      },
      {
        "date": "2017-03-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201703-901"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2016-2406"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-901"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei Document Security Management Vulnerability in which important information is obtained in the permission control module",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008035"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201703-901"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-2406 (GCVE-0-2016-2406)

GHSA-V825-395Q-5VFF

GSD-2016-2406

FKIE_CVE-2016-2406

CNVD-2017-04281

VAR-201703-0171

Tags

Sightings

Nomenclature