Vulnerability Description
Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Air Sdk \& Compiler | 22.0.0.153 |
| Apple | Mac Os X | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/92926
- http://www.securitytracker.com/id/1036792
- https://helpx.adobe.com/security/products/air/apsb16-31.htmlVendor Advisory
- https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-transmissi
- http://www.securityfocus.com/bid/92926
- http://www.securitytracker.com/id/1036792
- https://helpx.adobe.com/security/products/air/apsb16-31.htmlVendor Advisory
- https://wwws.nightwatchcybersecurity.com/2016/09/14/advisory-insecure-transmissi
FAQ
What is CVE-2016-6936?
CVE-2016-6936 is a vulnerability with a CVSS score of 7.5 (HIGH). Adobe AIR SDK & Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging ac...
How severe is CVE-2016-6936?
CVE-2016-6936 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-6936?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Air Sdk \& Compiler, Apple Mac Os X, Microsoft Windows.