Lucene search

[email protected]CVE-2016-2001

HistoryApr 12, 2016 - 11:59 p.m.

CVE-2016-2001

2016-04-1223:59:36

[email protected]

web.nvd.nist.gov

cve-2016-2001

hpe

universal cmdb

foundation

url redirection

vulnerability

nvd

remote attackers

sensitive information

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.8%

JSON

HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 allows remote attackers to obtain sensitive information or conduct URL redirection attacks via unspecified vectors.

Affected configurations

NVD

Node

hpuniversal_cmbd_foundationMatch10.0

hpuniversal_cmbd_foundationMatch10.01

hpuniversal_cmbd_foundationMatch10.10

hpuniversal_cmbd_foundationMatch10.11

hpuniversal_cmbd_foundationMatch10.20

CPENameOperatorVersion
hp:universal_cmbd_foundationhp universal cmbd foundationeq10.0
hp:universal_cmbd_foundationhp universal cmbd foundationeq10.01
hp:universal_cmbd_foundationhp universal cmbd foundationeq10.10
hp:universal_cmbd_foundationhp universal cmbd foundationeq10.11
hp:universal_cmbd_foundationhp universal cmbd foundationeq10.20

CPE	Name	Operator	Version
hp:universal_cmbd_foundation	hp universal cmbd foundation	eq	10.0
hp:universal_cmbd_foundation	hp universal cmbd foundation	eq	10.01
hp:universal_cmbd_foundation	hp universal cmbd foundation	eq	10.10
hp:universal_cmbd_foundation	hp universal cmbd foundation	eq	10.11
hp:universal_cmbd_foundation	hp universal cmbd foundation	eq	10.20

References

www.securitytracker.com/id/1035505

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073504

Social References

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.8%

JSON

Related for CVE-2016-2001

nvd1 prion1 cvelist1