Remote Code Execution Vulnerability in HPE Smart Update Products
CVE-2016-4377

8.1HIGH

Key Information:

Vendor: HP
Status: Sizing Tool For SAP Business Suite Powered By Hana; SAP Sizing Tool; Insight Management Sizer; Storage Sizing Tool
Vendor: CVE Published:; 22 August 2016

Summary

A vulnerability exists in multiple HPE Smart Update products that allows remote attackers to execute arbitrary code through unspecified vectors. This weakness affects various tools, potentially compromising system security and enabling unauthorized actions on impacted versions. Users and administrators are strongly advised to update their applications to the latest versions to mitigate exposure.

References

http://www.securityfocus.com/bid/92479

vdb-entryx_refsource_BID

https://h20566.www2.hpe.com/hpsc/doc/public/display?docId...

x_refsource_CONFIRM

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 22, 2016
Vulnerability Reserved
Apr 29, 2016