Remote Code Execution Vulnerability in HPE KeyView by HPE
CVE-2016-4390

8.1HIGH

Key Information:

Vendor
HP
Status
Keyview
Vendor
CVE Published:
5 October 2016

Summary

The Filter SDK in HPE KeyView versions 10.18 through 10.24 is susceptible to a vulnerability that enables remote attackers to execute arbitrary code. This security flaw arises from unspecified vectors within the SDK, providing a means for exploitation that is distinct from several other related vulnerabilities. Organizations using these versions of HPE KeyView should prioritize applying necessary patches and implementing security measures to mitigate potential risks associated with unauthorized code execution.

References

http://www.securitytracker.com/id/1036935
vdb-entryx_refsource_SECTRACK
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93424
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.