Lucene search

[email protected]CVE-2016-4371

HistoryJun 19, 2016 - 1:59 a.m.

CVE-2016-4371

2016-06-1901:59:07

CWE-352

[email protected]

web.nvd.nist.gov

hpe

service manager

software

ssrf

information disclosure

cve-2016-4371

nvd

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 allows remote authenticated users to obtain sensitive information, modify data, and conduct server-side request forgery (SSRF) attacks via unspecified vectors, related to the Server, Web Client, Windows Client, and Service Request components.

Affected configurations

NVD

Node

hpservice_managerMatch9.30

hpservice_managerMatch9.31

hpservice_managerMatch9.32

hpservice_managerMatch9.33

hpservice_managerMatch9.34

hpservice_managerMatch9.35

hpservice_managerMatch9.40

hpservice_managerMatch9.41

hpservice_manager_mobilityMatch9.30

hpservice_manager_mobilityMatch9.31

hpservice_manager_mobilityMatch9.32

hpservice_manager_mobilityMatch9.33

hpservice_manager_mobilityMatch9.34

hpservice_manager_mobilityMatch9.35

hpservice_manager_mobilityMatch9.40

hpservice_manager_mobilityMatch9.41

hpservice_manager_serverMatch9.30

hpservice_manager_serverMatch9.31

hpservice_manager_serverMatch9.32

hpservice_manager_serverMatch9.33

hpservice_manager_serverMatch9.34

hpservice_manager_serverMatch9.35

hpservice_manager_serverMatch9.40

hpservice_manager_serverMatch9.41

hpservice_manager_service_request_catalogMatch9.30

hpservice_manager_service_request_catalogMatch9.31

hpservice_manager_service_request_catalogMatch9.32

hpservice_manager_service_request_catalogMatch9.33

hpservice_manager_service_request_catalogMatch9.34

hpservice_manager_service_request_catalogMatch9.35

hpservice_manager_service_request_catalogMatch9.40

hpservice_manager_service_request_catalogMatch9.41

hpservice_manager_web_clientMatch9.30

hpservice_manager_web_clientMatch9.31

hpservice_manager_web_clientMatch9.32

hpservice_manager_web_clientMatch9.33

hpservice_manager_web_clientMatch9.34

hpservice_manager_web_clientMatch9.35

hpservice_manager_web_clientMatch9.40

hpservice_manager_web_clientMatch9.41

hpservice_manager_windows_clientMatch9.30

hpservice_manager_windows_clientMatch9.31

hpservice_manager_windows_clientMatch9.32

hpservice_manager_windows_clientMatch9.33

hpservice_manager_windows_clientMatch9.34

hpservice_manager_windows_clientMatch9.35

hpservice_manager_windows_clientMatch9.40

hpservice_manager_windows_clientMatch9.41

CPENameOperatorVersion
hp:service_managerhp service managereq9.30
hp:service_managerhp service managereq9.31
hp:service_managerhp service managereq9.32
hp:service_managerhp service managereq9.33
hp:service_managerhp service managereq9.34
hp:service_managerhp service managereq9.35
hp:service_managerhp service managereq9.40
hp:service_managerhp service managereq9.41
hp:service_manager_mobilityhp service manager mobilityeq9.30
hp:service_manager_mobilityhp service manager mobilityeq9.31

CPE	Name	Operator	Version
hp:service_manager	hp service manager	eq	9.30
hp:service_manager	hp service manager	eq	9.31
hp:service_manager	hp service manager	eq	9.32
hp:service_manager	hp service manager	eq	9.33
hp:service_manager	hp service manager	eq	9.34
hp:service_manager	hp service manager	eq	9.35
hp:service_manager	hp service manager	eq	9.40
hp:service_manager	hp service manager	eq	9.41
hp:service_manager_mobility	hp service manager mobility	eq	9.30
hp:service_manager_mobility	hp service manager mobility	eq	9.31

Rows per page:

1-10 of 481

References

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05167176

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.0%

JSON

Related for CVE-2016-4371

nvd1 prion1 openvas1 cvelist1