Remote Information Disclosure and URL Redirection in HPE Universal CMDB
CVE-2016-2001

7.4HIGH

Key Information:

Vendor: HP
Status: Universal Cmbd Foundation
Vendor: CVE Published:; 12 April 2016

What is CVE-2016-2001?

The HPE Universal CMDB Foundation versions 10.0 through 10.20 are susceptible to vulnerabilities that allow remote attackers to access sensitive information and perform unauthorized URL redirection. Attack vectors are unspecified, indicating potential weaknesses that could be exploited in various manners, leading to a breach of data confidentiality and integrity. Organizations using these versions should take immediate action to secure their systems and patch the vulnerability.

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1035505

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 12, 2016
Vulnerability Reserved
Jan 22, 2016