Cross-Site Scripting Vulnerability in HP Network Node Manager i
CVE-2016-4399

5.4MEDIUM

Key Information:

Vendor
HP
Status
HP Network Node Manager (nnmi)
Vendor
CVE Published:
6 August 2018

Summary

A security vulnerability was discovered in HP Network Node Manager i (NNMi) Software that permits attackers to execute arbitrary scripts in the context of a user's session. This XSS flaw can potentially be leveraged to steal sensitive information, hijack user sessions, or redirect users to malicious sites. Users of affected versions need to apply available patches to mitigate these risks.

Affected Version(s)

HP Network Node Manager (NNMi) 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10

References

http://www.securityfocus.com/bid/94195
vdb-entryx_refsource_BID
https://support.hpe.com/hpsc/doc/public/display?docLocale...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1037232
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.