Remote Cross Site Scripting Vulnerability in HP Business Service Management Software
CVE-2016-4392

5.4MEDIUM

Key Information:

Vendor

HP
Status
HP Business Service Manager
Vendor
CVE Published:
6 August 2018

What is CVE-2016-4392?

A remote cross site scripting vulnerability has been identified in HP Business Service Management software affecting versions 9.1x, 9.20, and 9.25IP1. This vulnerability allows attackers to inject malicious scripts into web applications viewed by users, potentially compromising sensitive information and enabling further attacks within the network. Organizations utilizing this software should take immediate action to mitigate risks.

Affected Version(s)

HP Business Service Manager v9.1x, v9.20 - v9.25IP1

References

https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/93933
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037127
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.