Server-Side Request Forgery Vulnerability in HPE Release Control
CVE-2016-4374

7.7HIGH

Key Information:

Vendor

HP
Status
Release Control
Vendor
CVE Published:
8 August 2016

What is CVE-2016-4374?

HPE Release Control versions 9.13, 9.20, and 9.21 prior to 9.21.0005 p4 are susceptible to server-side request forgery (SSRF) attacks. Remote authenticated users can exploit this vulnerability to manipulate server requests, potentially gaining unauthorized access to sensitive information or triggering a denial of service. The exploitation occurs through unspecified attack vectors, highlighting the need for prompt security updates and user awareness.

References

http://www.securityfocus.com/bid/92357
vdb-entryx_refsource_BID
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036533
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-4374 : Server-Side Request Forgery Vulnerability in HPE Release Control