Vulnerability-Lookup

CVE-2016-5722 (GCVE-0-2016-5722)

Vulnerability from cvelistv5 – Published: 2016-06-24 17:00 – Updated: 2024-08-06 01:07

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-WXJ5-3W49-R522

Vulnerability from github – Published: 2022-05-17 03:48 – Updated: 2022-05-17 03:48

Details

Severity ?

7.3 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-5722"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-06-24T17:59:00Z",
    "severity": "HIGH"
  },
  "details": "Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.",
  "id": "GHSA-wxj5-3w49-r522",
  "modified": "2022-05-17T03:48:21Z",
  "published": "2022-05-17T03:48:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5722"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-5722

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-5722

Aliases

CVE-2016-5722

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-5722",
    "description": "Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.",
    "id": "GSD-2016-5722"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-5722"
      ],
      "details": "Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network.",
      "id": "GSD-2016-5722",
      "modified": "2023-12-13T01:21:25.519457Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2016-5722",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ocean_stor_18500_v3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ocean_stor_18800_v3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:huawei:ocean_stor_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "v300r003c00spc100",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ocean_stor_6800_v3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ocean_stor_5800_v3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ocean_stor_5600_v3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ocean_stor_5500_v3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:ocean_stor_5300_v3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:huawei:ocean_stor_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "v300r002c10spc200",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:huawei:ocean_stor_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "v300r003c00spc100",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5722"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2016-09-29T14:34Z",
      "publishedDate": "2016-06-24T17:59Z"
    }
  }
}

VAR-201606-0055

Vulnerability from variot - Updated: 2025-04-13 23:27

Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. OceanStor Is HTTP Replay attack to send clear session token in header ( Replay attack ) There are vulnerabilities that can be executed and get important information.A replay attack by intercepting the network by a third party ( Replay attack ) May be executed and important information may be obtained. Huawei OceanStor 5300 and other storage products are all Huawei's Huawei products. A security vulnerability exists in several HuaweiOceanStor products. The vulnerability stems from the fact that the program sends a clear text session token in the HTTP header. A remote attacker can exploit the vulnerability by sniffing the network to implement replay attacks and obtain sensitive information. This may lead to other attacks. The following products and versions are affected: Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and V3 versions earlier than 18500 V300R003C10

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0055",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ocean stor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v300r002c10spc200"
      },
      {
        "model": "ocean stor",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v300r003c00spc100"
      },
      {
        "model": "oceanstor 5300 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor 5500 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor 5600 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor 5800 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor 6800 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor oceanstor 18500 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor oceanstor 18800 v3",
        "scope": null,
        "trust": 0.8,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "oceanstor",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "v300r003c10"
      },
      {
        "model": "oceanstor v300r003c00spc100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "5300"
      },
      {
        "model": "oceanstor \u003c=v300r002c10spc200",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "5300v3"
      },
      {
        "model": "oceanstor v300r003c00spc100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "5500v3"
      },
      {
        "model": "oceanstor \u003c=v300r002c10spc200",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "5500v3"
      },
      {
        "model": "oceanstor v300r003c00spc100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "5600v3"
      },
      {
        "model": "oceanstor \u003c=v300r002c10spc200",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "5600v3"
      },
      {
        "model": "oceanstor v300r003c00spc100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "5800v3"
      },
      {
        "model": "oceanstor \u003c=v300r002c10spc200",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "5800v3"
      },
      {
        "model": "oceanstor v300r003c00spc100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "6800v3"
      },
      {
        "model": "oceanstor v300r003c00spc100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "18800v3"
      },
      {
        "model": "oceanstor v300r003c00spc100",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "18500v3"
      },
      {
        "model": "ocean stor 18500 v3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ocean stor 5600 v3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ocean stor 5800 v3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ocean stor 5300 v3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ocean stor 5500 v3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ocean stor 6800 v3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "ocean stor 18800 v3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04381"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-576"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5722"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:huawei:ocean_stor_5300_v3",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:ocean_stor_5500_v3",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:ocean_stor_5600_v3",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:ocean_stor_5800_v3",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:ocean_stor_6800_v3",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:ocean_stor_18500_v3",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:huawei:ocean_stor_18800_v3",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:huawei:ocean_stor_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported the issue.",
    "sources": [
      {
        "db": "BID",
        "id": "91472"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-5722",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-5722",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2016-04381",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-94541",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-5722",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-5722",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-5722",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-04381",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201606-576",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-94541",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04381"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-576"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5722"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network. OceanStor Is HTTP Replay attack to send clear session token in header ( Replay attack ) There are vulnerabilities that can be executed and get important information.A replay attack by intercepting the network by a third party ( Replay attack ) May be executed and important information may be obtained. Huawei OceanStor 5300 and other storage products are all Huawei\u0027s Huawei products. A security vulnerability exists in several HuaweiOceanStor products. The vulnerability stems from the fact that the program sends a clear text session token in the HTTP header. A remote attacker can exploit the vulnerability by sniffing the network to implement replay attacks and obtain sensitive information. This may lead to other attacks. The following products and versions are affected: Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and V3 versions earlier than 18500 V300R003C10",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-5722"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04381"
      },
      {
        "db": "BID",
        "id": "91472"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94541"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-5722",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003328",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-576",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-04381",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "91472",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-94541",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04381"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94541"
      },
      {
        "db": "BID",
        "id": "91472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-576"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5722"
      }
    ]
  },
  "id": "VAR-201606-0055",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04381"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94541"
      }
    ],
    "trust": 1.30227275
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04381"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:27:25.764000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20160615-01-oceanstor",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en"
      },
      {
        "title": "Patches for the transmission of tokens in plaintext transmissions of various HuaweiOceanStor products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/78296"
      },
      {
        "title": "Multiple Huawei OceanStor Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62492"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04381"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-576"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-94541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5722"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5722"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5722"
      },
      {
        "trust": 0.6,
        "url": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-cn"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04381"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94541"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-576"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5722"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-04381"
      },
      {
        "db": "VULHUB",
        "id": "VHN-94541"
      },
      {
        "db": "BID",
        "id": "91472"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-576"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-5722"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04381"
      },
      {
        "date": "2016-06-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94541"
      },
      {
        "date": "2016-06-28T00:00:00",
        "db": "BID",
        "id": "91472"
      },
      {
        "date": "2016-06-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      },
      {
        "date": "2016-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-576"
      },
      {
        "date": "2016-06-24T17:59:04.597000",
        "db": "NVD",
        "id": "CVE-2016-5722"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-06-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-04381"
      },
      {
        "date": "2016-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-94541"
      },
      {
        "date": "2016-07-06T15:06:00",
        "db": "BID",
        "id": "91472"
      },
      {
        "date": "2016-06-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      },
      {
        "date": "2016-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201606-576"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-5722"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-576"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "OceanStor Vulnerable to replay attacks",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-003328"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201606-576"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-04381

Vulnerability from cnvd - Published: 2016-06-30

Title

多款Huawei OceanStor产品明文传输token漏洞

Description

Huawei OceanStor 5300等都是中国华为（Huawei）公司的存储产品。多款Huawei OceanStor产品中存在安全漏洞，该漏洞源于程序在HTTP头中发送明文的会话令牌。远程攻击者可通过嗅探网络利用该漏洞实施重放攻击，获取敏感信息。

Severity

中

Patch Name

多款Huawei OceanStor产品明文传输token漏洞的补丁

Patch Description

Huawei OceanStor 5300等都是中国华为（Huawei）公司的存储产品。多款Huawei OceanStor产品中存在安全漏洞，该漏洞源于程序在HTTP头中发送明文的会话令牌。远程攻击者可通过嗅探网络利用该漏洞实施重放攻击，获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-cn

Reference

http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-cn

Impacted products

Name
['Huawei OceanStor 5300 V300R003C00SPC100', 'Huawei OceanStor 5300 V3 <=V300R002C10SPC200', 'Huawei OceanStor 5500 V3 V300R003C00SPC100', 'Huawei OceanStor 5500 V3 <=V300R002C10SPC200', 'Huawei OceanStor 5600 V3 V300R003C00SPC100', 'Huawei OceanStor 5600 V3 <=V300R002C10SPC200', 'Huawei OceanStor 5800 V3 V300R003C00SPC100', 'Huawei OceanStor 5800 V3 <=V300R002C10SPC200', 'Huawei OceanStor 6800 V3 V300R003C00SPC100', 'Huawei OceanStor 18800 V3 V300R003C00SPC100', 'Huawei OceanStor 18500 V3 V300R003C00SPC100']

Name

['Huawei OceanStor 5300 V300R003C00SPC100', 'Huawei OceanStor 5300 V3 <=V300R002C10SPC200', 'Huawei OceanStor 5500 V3 V300R003C00SPC100', 'Huawei OceanStor 5500 V3 <=V300R002C10SPC200', 'Huawei OceanStor 5600 V3 V300R003C00SPC100', 'Huawei OceanStor 5600 V3 <=V300R002C10SPC200', 'Huawei OceanStor 5800 V3 V300R003C00SPC100', 'Huawei OceanStor 5800 V3 <=V300R002C10SPC200', 'Huawei OceanStor 6800 V3 V300R003C00SPC100', 'Huawei OceanStor 18800 V3 V300R003C00SPC100', 'Huawei OceanStor 18500 V3 V300R003C00SPC100']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-5722"
    }
  },
  "description": "Huawei OceanStor 5300\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u5b58\u50a8\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eHuawei OceanStor\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728HTTP\u5934\u4e2d\u53d1\u9001\u660e\u6587\u7684\u4f1a\u8bdd\u4ee4\u724c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u55c5\u63a2\u7f51\u7edc\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u91cd\u653e\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04381",
  "openTime": "2016-06-30",
  "patchDescription": "Huawei OceanStor 5300\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u5b58\u50a8\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eHuawei OceanStor\u4ea7\u54c1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5728HTTP\u5934\u4e2d\u53d1\u9001\u660e\u6587\u7684\u4f1a\u8bdd\u4ee4\u724c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u55c5\u63a2\u7f51\u7edc\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u91cd\u653e\u653b\u51fb\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eHuawei OceanStor\u4ea7\u54c1\u660e\u6587\u4f20\u8f93token\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei OceanStor 5300 V300R003C00SPC100",
      "Huawei OceanStor 5300 V3 \u003c=V300R002C10SPC200",
      "Huawei OceanStor 5500 V3 V300R003C00SPC100",
      "Huawei OceanStor 5500 V3 \u003c=V300R002C10SPC200",
      "Huawei OceanStor 5600 V3 V300R003C00SPC100",
      "Huawei OceanStor 5600 V3 \u003c=V300R002C10SPC200",
      "Huawei OceanStor 5800 V3 V300R003C00SPC100",
      "Huawei OceanStor 5800 V3 \u003c=V300R002C10SPC200",
      "Huawei OceanStor 6800 V3 V300R003C00SPC100",
      "Huawei OceanStor 18800 V3 V300R003C00SPC100",
      "Huawei OceanStor 18500 V3 V300R003C00SPC100"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-cn",
  "serverity": "\u4e2d",
  "submitTime": "2016-06-28",
  "title": "\u591a\u6b3eHuawei OceanStor\u4ea7\u54c1\u660e\u6587\u4f20\u8f93token\u6f0f\u6d1e"
}

FKIE_CVE-2016-5722

Vulnerability from fkie_nvd - Published: 2016-06-24 17:59 - Updated: 2025-04-12 10:46

Severity ?

7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

References

	URL	Tags
	cve@mitre.org	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en	Vendor Advisory

Impacted products

Vendor	Product	Version
huawei	ocean_stor_18500_v3	-
huawei	ocean_stor_18800_v3	-
huawei	ocean_stor_firmware	*
huawei	ocean_stor_5300_v3	-
huawei	ocean_stor_5500_v3	-
huawei	ocean_stor_5600_v3	-
huawei	ocean_stor_5800_v3	-
huawei	ocean_stor_6800_v3	-
huawei	ocean_stor_firmware	*
huawei	ocean_stor_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ocean_stor_18500_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DBF46A-8211-4D12-A131-C13857F482D0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:huawei:ocean_stor_18800_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA1E351F-4E80-48D6-9A24-71C9EC059A63",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:ocean_stor_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FB6EFB6-F2AB-48CB-8DBE-AE4E37C83C33",
              "versionEndIncluding": "v300r003c00spc100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:ocean_stor_5300_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF313657-8543-47E2-BC5F-3045A5A7B964",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:huawei:ocean_stor_5500_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852DBE3-A2E7-49C0-9302-839229EA8679",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:huawei:ocean_stor_5600_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5802E074-3642-4AD2-AE91-7C1E3FD020F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:huawei:ocean_stor_5800_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7168D18D-EE27-499E-9BD9-3694E639BCB2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:huawei:ocean_stor_6800_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9B9EBD0-93DE-44E7-8B69-05D76DF8AC76",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:ocean_stor_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE9CFCF8-F9CC-4D12-8A22-EC99ED3955C6",
              "versionEndIncluding": "v300r002c10spc200",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:huawei:ocean_stor_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FB6EFB6-F2AB-48CB-8DBE-AE4E37C83C33",
              "versionEndIncluding": "v300r003c00spc100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003C10 sends the plaintext session token in the HTTP header, which allows remote attackers to conduct replay attacks and obtain sensitive information by sniffing the network."
    },
    {
      "lang": "es",
      "value": "Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3 y 18500 V3 en versiones anteriores a V300R003C10 env\u00eda el token de sesi\u00f3n en texto plano en la cabecera HTTP, lo que permite a atacantes remotos llevar a cabo ataques de repetici\u00f3n y obtener informaci\u00f3n sensible espiando la red."
    }
  ],
  "id": "CVE-2016-5722",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-24T17:59:04.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160615-01-oceanstor-en"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-5722 (GCVE-0-2016-5722)

GHSA-WXJ5-3W49-R522

GSD-2016-5722

VAR-201606-0055

CNVD-2016-04381

FKIE_CVE-2016-5722

Tags

Sightings

Nomenclature