Access Control Bypass in HPE XP7 Command View by HPE
CVE-2016-4381

4.5MEDIUM

Key Information:

Vendor: HP
Status: Xp7 Command View
Vendor: CVE Published:; 8 September 2016

What is CVE-2016-4381?

HPE XP7 Command View Advanced Edition, specifically versions 6.x through 8.x before 8.4.1-02, has a vulnerability that allows local users to bypass established access restrictions when the Replication Manager and Device Manager features are enabled. This can lead to unauthorized access to sensitive configurations and system controls, potentially compromising data integrity and availability.

References

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/92733

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2016
Vulnerability Reserved
Apr 29, 2016