Cross-Site Scripting Vulnerability in HP Network Node Manager i
CVE-2016-4399

5.4MEDIUM

Key Information:

Vendor: HP
Status: HP Network Node Manager (nnmi)
Vendor: CVE Published:; 6 August 2018

🔔 Create HP Vulnerability Alert

What is CVE-2016-4399?

A security vulnerability was discovered in HP Network Node Manager i (NNMi) Software that permits attackers to execute arbitrary scripts in the context of a user's session. This XSS flaw can potentially be leveraged to steal sensitive information, hijack user sessions, or redirect users to malicious sites. Users of affected versions need to apply available patches to mitigate these risks.

Affected Version(s)

HP Network Node Manager (NNMi) 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10

References

http://www.securityfocus.com/bid/94195

vdb-entryx_refsource_BID

https://support.hpe.com/hpsc/doc/public/display?docLocale...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1037232

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2018
Vulnerability Reserved
Apr 29, 2016

.

CVE-2016-4399 : Cross-Site Scripting Vulnerability in HP Network Node Manager i