Sensitive Information Exposure and Data Modification in HPE System Management Homepage
CVE-2016-1993

8.1HIGH

Key Information:

Vendor: HP
Status: System Management Homepage
Vendor: CVE Published:; 18 March 2016

What is CVE-2016-1993?

The HPE System Management Homepage, in versions prior to 7.5.4, is susceptible to a vulnerability that allows remote authenticated users to access sensitive information or manipulate data through unspecified methods. This situation can jeopardize the integrity and confidentiality of system management data, posing risks to organizational security and operational stability.

References

http://www.securitytracker.com/id/1035325

vdb-entryx_refsource_SECTRACK

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2016
Vulnerability Reserved
Jan 22, 2016