Local Information Disclosure and Data Modification Vulnerability in HPE System Management Homepage
CVE-2016-2015

7.1HIGH

Key Information:

Vendor

HP
Status
System Management Homepage
Vendor
CVE Published:
14 May 2016

What is CVE-2016-2015?

The HPE System Management Homepage prior to version 7.5.5 has a vulnerability that enables local users to potentially gain access to sensitive information or modify data through unspecified vectors. This could pose risks to system integrity and confidentiality, rendering the system susceptible to unauthorized actions.

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1035775
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.