Remote Information Disclosure in HPE Systems Insight Manager
CVE-2016-2019

8.1HIGH

Key Information:

Vendor
HP
Status
Systems Insight Manager
Vendor
CVE Published:
8 June 2016

Summary

HPE Systems Insight Manager prior to version 7.5.1 contains vulnerabilities that may allow remote authenticated users to exploit improper access controls, potentially leading to unauthorized information disclosure and the ability to modify sensitive data. The specifics of the vulnerability exploit involve undefined vectors, allowing malicious actors to act without detection.

References

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId...
x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.