How severe is CVE-2016-0702?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.1 out of 10.

What type of vulnerability is CVE-2016-0702?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2016-0702 - MEDIUM Severity | CVSS 5.1

Vulnerability Description

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.

Related Vulnerabilities

CVE-2015-4996

MEDIUM

CVSS:5.1(Medium)

IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.

CWE-2002015

CVE-2015-7502

MEDIUM

CVSS:5.1(Medium)

Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users t...

CWE-2002015

CVE-2016-0252

MEDIUM

CVSS:5.1(Medium)

IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors.

CWE-2002016

CVE-2016-5894

MEDIUM

CVSS:5.1(Medium)

IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to information disclosure vulnerability. A local user could view a plain text password in a Unix conso...

CWE-2002016

CVE-2017-15139

MEDIUM

CVSS:5.1(Medium)

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically aff...

CWE-2002017

CVE-2017-17556

MEDIUM

CVSS:5.1(Medium)

A debug tool in Synaptics TouchPad drivers allows local users with administrative access to obtain sensitive information about keyboard scan codes by modifying registry keys.

CWE-2002017